Overview

overview

8

Static

static

1

Ref_702192...50.exe

windows7-x64

8

Ref_702192...50.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1651418d1674fcacf4af8f3b4f26524f10c9059ff06157b4005043c058376c11.lzh

  • Size

    1.0MB

  • Sample

    240726-tzf9nszamq

  • MD5

    3ca27595f6474a7f07f49206ccd278b3

  • SHA1

    9c82811ffebf6c8a8d441590c352a4db8d516c23

  • SHA256

    1651418d1674fcacf4af8f3b4f26524f10c9059ff06157b4005043c058376c11

  • SHA512

    112b175940f8799c6b7c02dfb2bd9ca47c1a3cdddbf3caf1771d3439cd4fade105aa786a7964e5179cdaec0366b20f5852b42c6200ba1e3daf91ab7d677021a3

  • SSDEEP

    24576:AkDKszHVVwDPTseCpEpD2FqgjyROMDCmKLstfnC2nt5hF4r:usDVS/AepyNjyR7ri8vCcD4r

Score
8/10
discoveryexecutionpersistence

Malware Config

Targets

    • Target

      Ref_7021929821US20240709031221650.exe

    • Size

      1.2MB

    • MD5

      14ccec59fadc72b86d26c85c0db16b6e

    • SHA1

      93e2223d7c8268cdc31681e257691223bf85c31f

    • SHA256

      78c5e8ca9474815c1cd85825b00d9be487a0e049fb827b12ef74bc57580cd3f5

    • SHA512

      dfc0c8320ae7f8f6493db8a6969419f5ec7992a0ffa6f8c51cd45cc032739fd97c8ac382874097d48d9b7f89bd928649ecd9552f867f8b524aa05634482462a0

    • SSDEEP

      24576:0ZbqxGFMhCGa7cQPsUkPyQ1lF0jYb67fx5hmku83oD1dEUu28KkzFu7biFW:8bqxGFMhCGa7cQEUWF0jq67JXmkoMXLU

    Score
    8/10
    discoveryexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

      execution

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks