General

  • Target

    nkNS2F

  • Size

    498B

  • Sample

    240614-z2c8pazejm

  • MD5

    7449048b18e1eb3950ec3f4f4d541c91

  • SHA1

    13266fbfa8625f819dfc480f73cbf70486731bc7

  • SHA256

    2c282fef474811eeb116a5e89dbb0c1f81b45c7e2c0ad708d929ffa2a2b3333a

  • SHA512

    98c31cf642263f05cc5a10e513682887fde61d9e8ddfdc454597d6b8e5ab75dacf8b2473ddaa7ee368b495806e193a004e07c2e00908e7545260f89fb6066b44

Score
10/10

Targets

    • Target

      nkNS2F

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      Creates a process whose recorded parent is not the calling process (parent PID spoofing), hiding the true process lineage from tools that key on the parent.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that later payloads in those locations are not scanned.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

      Modifies the register context of a thread in another process, a common step in redirecting execution into injected code (process hollowing or thread hijacking).
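
The PowerShell signature above is the one behaviour in this report a defender can check for directly in process-creation telemetry. The following detector is an added example and is not part of the sandbox report or of the sample: it flags PowerShell command lines that call Add-MpPreference or Set-MpPreference with any -Exclusion* parameter, and it first unwraps the -EncodedCommand form (base64 of UTF-16LE), which is how such one-liners usually appear on the command line. The regexes, the "pid|image|commandline" record format and the sample records are assumptions constructed for the example.

```python
# Added example, not code from the sandbox report or the analysed sample.
# Flags PowerShell invocations that add Microsoft Defender exclusions
# (Add-MpPreference / Set-MpPreference with an -Exclusion* parameter),
# decoding -EncodedCommand payloads first.
import base64
import re

# Cmdlets that change Defender preferences, and the parameter family that adds
# exclusions (-ExclusionPath, -ExclusionExtension, -ExclusionProcess, ...).
# PowerShell accepts unambiguous parameter prefixes, so match the stem only.
CMDLET_RE = re.compile(r"\b(?:add|set)-mppreference\b", re.IGNORECASE)
EXCLUSION_PARAM_RE = re.compile(r"-exclusion[a-z]*", re.IGNORECASE)

# powershell.exe accepts any unambiguous prefix of -EncodedCommand
# (-e, -ec, -enc, -encoded, ...). The lookbehind keeps "-ExclusionPath"
# and the optional group keeps "-ExecutionPolicy" / "-ep" from matching.
ENCODED_RE = re.compile(
    r"(?<![\w-])-e"
    r"(?:c|n(?:c(?:o(?:d(?:e(?:d(?:c(?:o(?:m(?:m(?:a(?:n(?:d)?)?)?)?)?)?)?)?)?)?)?)?)?"
    r"\s+([A-Za-z0-9+/=]{16,})",
    re.IGNORECASE,
)


def decode_encoded_command(cmdline):
    """Return the decoded script if cmdline carries -EncodedCommand, else None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        # PowerShell encodes the script as UTF-16LE before base64.
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_command_line(cmdline):
    """Classify one PowerShell command line; looks inside an encoded command if present."""
    decoded = decode_encoded_command(cmdline)
    script = decoded if decoded is not None else cmdline
    cmdlets = sorted({m.group(0).lower() for m in CMDLET_RE.finditer(script)})
    params = sorted({m.group(0).lower() for m in EXCLUSION_PARAM_RE.finditer(script)})
    return {
        "encoded": decoded is not None,
        "script": script,
        "cmdlets": cmdlets,
        "exclusion_params": params,
        # Require both: Get-MpPreference alone, or "-ExclusionPath" in an
        # unrelated argument, should not fire.
        "adds_exclusion": bool(cmdlets) and bool(params),
    }


def scan_process_log(lines):
    """Scan 'pid|image|commandline' records (constructed format) and return the hits."""
    hits = []
    for line in lines:
        pid, image, cmdline = line.split("|", 2)
        if not image.lower().endswith(("powershell.exe", "pwsh.exe")):
            continue
        result = analyze_command_line(cmdline)
        if result["adds_exclusion"]:
            hits.append({"pid": int(pid), "image": image, **result})
    return hits


# Constructed sample telemetry. The encoded command is built here rather than
# pasted so the base64 is exact; it is not the payload from the report.
_ENCODED = base64.b64encode(
    r"Add-MpPreference -ExclusionPath 'C:\Users\Public' -ExclusionProcess 'svchost.exe'"
    .encode("utf-16le")
).decode()

_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_LOG = [
    "4120|" + _PS + "|powershell.exe -nop -w hidden -ep bypass -enc " + _ENCODED,
    "4133|" + _PS + "|powershell.exe Add-MpPreference -ExclusionExtension exe,dll",
    r"4150|C:\Windows\System32\cmd.exe|cmd.exe /c echo Add-MpPreference -ExclusionPath C:\Temp",
    "4160|" + _PS + "|powershell.exe Get-MpPreference | Select ExclusionPath",
    "4170|" + _PS + r"|powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
]

if __name__ == "__main__":
    for hit in scan_process_log(SAMPLE_LOG):
        print(hit["pid"], "encoded" if hit["encoded"] else "plain", hit["exclusion_params"])
```

Only records 4120 and 4133 fire: 4150 is not a PowerShell image, 4160 only reads preferences, and 4170 shows that -ExecutionPolicy and -File do not trip the encoded-command pattern. Real telemetry (Sysmon Event ID 1, PowerShell 4104 script-block logs, or the Defender 5007 preference-change event) carries the same fields under different names; only the record splitting needs adapting.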

MITRE ATT&CK Enterprise v15
