af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

General

Target

af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
Size

36.5MB
Sample

240623-mf1qmsscnn
MD5

0e12bdd2a8200d4c1f368750e2c87bfe
SHA1

6c8b533e2c7f6ebef027971c3a06f4c55ed64cfe
SHA256

af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
SHA512

909f15876f3a6cbe608eb53df4286927b013c45ff6acbc496a1590b9cc3fe47b1bb449ed45c3302f6d03cccb876cd2cc26f2b5e7c1ca4ff2d17dd4dee77bf75b
SSDEEP

393216:sYJEy4Te0rrigZ9BCbZPBKAgKBXSTzdOskYXXDeycerzHP+THt+/nDSpQg:sYJcrlZ9BGfg8XIJOkXXPCTV

Score

8^/10

execution persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe

Resource

win10v2004-20240508-en

execution persistence

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403.exe

Resource

win11-20240508-en

execution persistence

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
- Size
  
  36.5MB
- MD5
  
  0e12bdd2a8200d4c1f368750e2c87bfe
- SHA1
  
  6c8b533e2c7f6ebef027971c3a06f4c55ed64cfe
- SHA256
  
  af77c0b6a10ac159b0e3c87c02e16a2b44daab8e67fe097327e90ae48f814403
- SHA512
  
  909f15876f3a6cbe608eb53df4286927b013c45ff6acbc496a1590b9cc3fe47b1bb449ed45c3302f6d03cccb876cd2cc26f2b5e7c1ca4ff2d17dd4dee77bf75b
- SSDEEP
  
  393216:sYJEy4Te0rrigZ9BCbZPBKAgKBXSTzdOskYXXDeycerzHP+THt+/nDSpQg:sYJcrlZ9BGfg8XIJOkXXPCTV
Score

8^/10

execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Creates new service(s)
  persistence execution
- Executes dropped EXE
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

executionpersistence

behavioral2

executionpersistence

© 2018-2024

Terms | Privacy