671c658afe305ea04c52765d7c30dc0ea0a08398f1b35f71ff3396d3069bd455 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bypass.exe
Size

198KB
Sample

240625-s9lrga1hrp
MD5

b40b0a567971c3b3bbf0cfabdb46521f
SHA1

e0f1ef6645f9c674937c64c09c4e24ce9e386d2f
SHA256

671c658afe305ea04c52765d7c30dc0ea0a08398f1b35f71ff3396d3069bd455
SHA512

33fe91e7cdd0e443cbc46a8a2cf38bbd4e295d12c86ed8b89fa01b9941a985c317229c90a6fc97c2d186bad1c07432cae9bf67f7fc8e8d6462a5899a6e6a5627
SSDEEP

3072:erzYw5MATMS4diyTX2sn3AFhvmJTQSaMm5/6Pq0I3M9v7:+h5US4diyCsQYWlXV3M9v

Score

8^/10

evasion execution persistence privilege_escalation

Malware Config

Targets

- Target
  
  bypass.exe
- Size
  
  198KB
- MD5
  
  b40b0a567971c3b3bbf0cfabdb46521f
- SHA1
  
  e0f1ef6645f9c674937c64c09c4e24ce9e386d2f
- SHA256
  
  671c658afe305ea04c52765d7c30dc0ea0a08398f1b35f71ff3396d3069bd455
- SHA512
  
  33fe91e7cdd0e443cbc46a8a2cf38bbd4e295d12c86ed8b89fa01b9941a985c317229c90a6fc97c2d186bad1c07432cae9bf67f7fc8e8d6462a5899a6e6a5627
- SSDEEP
  
  3072:erzYw5MATMS4diyTX2sn3AFhvmJTQSaMm5/6Pq0I3M9v7:+h5US4diyCsQYWlXV3M9v
Score

8^/10

evasion execution persistence privilege_escalation
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Impair Defenses

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistenceprivilege_escalation

behavioral2