f4c722435e2e8428aa5736b768cb0140b09a381e810150b5bf965aaa55ba7e99 | Triage

Sharing

General

Target

PYOhhJc3begnCTC0.exe
Size

16.5MB
Sample

240725-mjxs6awfne
MD5

6aaca7d595518426e1e030d77560bbe2
SHA1

021e51122e32976b7e919e96bbcca0c9c4de1553
SHA256

f4c722435e2e8428aa5736b768cb0140b09a381e810150b5bf965aaa55ba7e99
SHA512

e7551c7119e3b4cf7173717666f449ac33129d022fa21cfb206833ef920c15e640ff30dee9dc6617ecb875741fe2e72eece944b739dcd8c79b640f417cf92564
SSDEEP

393216:OzBd2r1utiSDLyjyg5/Y1eoLbAZ4KPBJ7uQpMCpnshWk:8u1utbyjyuY8oLbAZ4KPz7utOG

Score

8^/10

evasion execution

Malware Config

Targets

- Target
  
  PYOhhJc3begnCTC0.exe
- Size
  
  16.5MB
- MD5
  
  6aaca7d595518426e1e030d77560bbe2
- SHA1
  
  021e51122e32976b7e919e96bbcca0c9c4de1553
- SHA256
  
  f4c722435e2e8428aa5736b768cb0140b09a381e810150b5bf965aaa55ba7e99
- SHA512
  
  e7551c7119e3b4cf7173717666f449ac33129d022fa21cfb206833ef920c15e640ff30dee9dc6617ecb875741fe2e72eece944b739dcd8c79b640f417cf92564
- SSDEEP
  
  393216:OzBd2r1utiSDLyjyg5/Y1eoLbAZ4KPBJ7uQpMCpnshWk:8u1utbyjyuY8oLbAZ4KPz7utOG
Score

8^/10

evasion execution
- Stops running service(s)
  evasion execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionexecution