35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb | Triage

Submit
Reports

Overview

overview

Static

static

35a70c1d13...cb.exe

windows7-x64

35a70c1d13...cb.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb
Size

91KB
Sample

240614-y6npjsvble
MD5

0034f2534cdb6f116d879862a841597a
SHA1

20664493043369eab5f6710a081b47be31ff9342
SHA256

35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb
SHA512

5feb4ace265f7bd43c1552fd4a8f914b0aec84db66e65182b459de94ffcd40b9a888c60e9eda29eacdc61fa49efc17e5277b0a39b26917e020a5add0a6eff870
SSDEEP

1536:zAwEmBZ04faWmtN4nic+6GQAwEmBZ04faWmtN4nic+6GU:zGms4Eton0QGms4Eton0U

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb.exe

Resource

win7-20240611-en

evasion persistence

windows7-x64

26 signatures

150 seconds

Behavioral task

behavioral2

Sample

35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb.exe

Resource

win10v2004-20240226-en

evasion persistence

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb
- Size
  
  91KB
- MD5
  
  0034f2534cdb6f116d879862a841597a
- SHA1
  
  20664493043369eab5f6710a081b47be31ff9342
- SHA256
  
  35a70c1d13fa8d48bcae21652dc6b86b46aad40f5dd0d14d2e336c95477cf0cb
- SHA512
  
  5feb4ace265f7bd43c1552fd4a8f914b0aec84db66e65182b459de94ffcd40b9a888c60e9eda29eacdc61fa49efc17e5277b0a39b26917e020a5add0a6eff870
- SSDEEP
  
  1536:zAwEmBZ04faWmtN4nic+6GQAwEmBZ04faWmtN4nic+6GU:zGms4Eton0QGms4Eton0U
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables built or packed with MPress PE compressor
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy