7785e4ff79ca513520404d3d6590911d6c6c33fdea662f02779570ee446e736d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7785e4ff79ca513520404d3d6590911d6c6c33fdea662f02779570ee446e736d
Size

1.1MB
Sample

240722-25vy1stdlh
MD5

8ee7725202f085e17a0c61a414d0b921
SHA1

5400e70a44fc8113027982d56f2cb1a29aee05d6
SHA256

7785e4ff79ca513520404d3d6590911d6c6c33fdea662f02779570ee446e736d
SHA512

595260711c794cfb1dd3b83ae173a6198fd9378a3b055bc3fd629112ebc68767373a87307d33b671f431e4391d42a3030cda73d754d1bfa5d995efdbc7022f52
SSDEEP

12288:UZWtI6RkbGOF2O5GOFDYiZKTKw4QeN/7YkrWBfWhvRhQUo:UuhadETKw4QeN/7DSBfWho

Score

10^/10

evasion execution persistence

Malware Config

Targets

- Target
  
  7785e4ff79ca513520404d3d6590911d6c6c33fdea662f02779570ee446e736d
- Size
  
  1.1MB
- MD5
  
  8ee7725202f085e17a0c61a414d0b921
- SHA1
  
  5400e70a44fc8113027982d56f2cb1a29aee05d6
- SHA256
  
  7785e4ff79ca513520404d3d6590911d6c6c33fdea662f02779570ee446e736d
- SHA512
  
  595260711c794cfb1dd3b83ae173a6198fd9378a3b055bc3fd629112ebc68767373a87307d33b671f431e4391d42a3030cda73d754d1bfa5d995efdbc7022f52
- SSDEEP
  
  12288:UZWtI6RkbGOF2O5GOFDYiZKTKw4QeN/7YkrWBfWhvRhQUo:UuhadETKw4QeN/7DSBfWho
Score

10^/10

evasion execution persistence
- Disables service(s)
  evasion execution
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecutionpersistence

behavioral2

evasionexecutionpersistence