General
Target: 9493660c3d8cd4ddb6df8fee3c8f1470c876cf9076311e5f26c3fd4218a74b79
Size: 158KB
Sample: 240620-a1zmvsyhrc
MD5: 629205c3fafec1ec163409031790146d
SHA1: 1bd9432378e21774324a4f0e34f4f6933ccb94b0
SHA256: 9493660c3d8cd4ddb6df8fee3c8f1470c876cf9076311e5f26c3fd4218a74b79
SHA512: 40305f90a85572da5269c0f5c9589f5ddb5c603e8cad6faebc2f9de53cdee99781970447f194822ed912c77f3abe0956996d4ee4e1f7edd4c7b06b497ada6e45
SSDEEP: 1536:JxqjQ+P04wsmJCu8SBKygMc5FWF96RDW3Mz8c+nowfs6Zfe7MI8ACc+aprlOxqjh:sr85CpSfg5Fo6xdwc+08anp9r85C
Behavioral task: behavioral1
Sample: 9493660c3d8cd4ddb6df8fee3c8f1470c876cf9076311e5f26c3fd4218a74b79.exe
Resource: win7-20240419-en

Malware Config

Targets
Signatures
- Detect Neshta payload
- Modifies security service
- Neshta: malware from the Neshta family is designed to inject itself into other files in order to spread and cause damage.
- Phorphiex payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Change Default File Association (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1): Scheduled Task (1)
Privilege Escalation
  Create or Modify System Process (1): Windows Service (1)
  Event Triggered Execution (1): Change Default File Association (1)
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  Scheduled Task/Job (1): Scheduled Task (1)