406cc06019bb0da53c62693434e57b17c5d8884e17a5ada45231b6b56866be84 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2df7c441e17d9e88f75d6588d3999e40N.exe
Size

221KB
Sample

240721-aef9ds1fkf
MD5

2df7c441e17d9e88f75d6588d3999e40
SHA1

b2bab80b15f53931fe2ba2824dbea4ec46c50477
SHA256

406cc06019bb0da53c62693434e57b17c5d8884e17a5ada45231b6b56866be84
SHA512

af6df2fdd8405b2c864d7b1b4a71d9e703e00d647a8d1f1fe135a8c1a6045a42d4b4d862e99db9d0726a103f1bdd98962df3bacef3a908fe710084e2e847d062
SSDEEP

3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hodhfgiva4SVHBMkmp37C:/14RzUNsYN1B9nX9Ud9HXhY4LP

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  2df7c441e17d9e88f75d6588d3999e40N.exe
- Size
  
  221KB
- MD5
  
  2df7c441e17d9e88f75d6588d3999e40
- SHA1
  
  b2bab80b15f53931fe2ba2824dbea4ec46c50477
- SHA256
  
  406cc06019bb0da53c62693434e57b17c5d8884e17a5ada45231b6b56866be84
- SHA512
  
  af6df2fdd8405b2c864d7b1b4a71d9e703e00d647a8d1f1fe135a8c1a6045a42d4b4d862e99db9d0726a103f1bdd98962df3bacef3a908fe710084e2e847d062
- SSDEEP
  
  3072:/Bb4M+rlz9GMSu3oHWWH1+cmm/foQnNtH5LcRQsq0d9Hodhfgiva4SVHBMkmp37C:/14RzUNsYN1B9nX9Ud9HXhY4LP
Score

8^/10

persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2