d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad.exe
Size

11.5MB
Sample

240728-b3b51s1blk
MD5

190e4ed7759276e78d16398673996b2b
SHA1

ce5bb936ab809356d5b0bc29b6be2e0d07d3dc0a
SHA256

d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad
SHA512

99cf79aba0afc528341c3ef474ba4ab71e50faf497536e74f8d985c39e85d5e145fb86262bac3e95e4c7752c3c0294751d4a988c2f4fbe5bcfcd3c6d19ef9c70
SSDEEP

49152:h3FUhq8uEA5Cu+Ng9hxWpZdESPzNHk8aPu9ipJY0/CcjaChdReYEk8fSj+TBmkOv://CvGkk+8qc8On18iiDoA1PdxGdQI

Score

10^/10

discovery evasion execution persistence

Malware Config

Targets

- Target
  
  d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad.exe
- Size
  
  11.5MB
- MD5
  
  190e4ed7759276e78d16398673996b2b
- SHA1
  
  ce5bb936ab809356d5b0bc29b6be2e0d07d3dc0a
- SHA256
  
  d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad
- SHA512
  
  99cf79aba0afc528341c3ef474ba4ab71e50faf497536e74f8d985c39e85d5e145fb86262bac3e95e4c7752c3c0294751d4a988c2f4fbe5bcfcd3c6d19ef9c70
- SSDEEP
  
  49152:h3FUhq8uEA5Cu+Ng9hxWpZdESPzNHk8aPu9ipJY0/CcjaChdReYEk8fSj+TBmkOv://CvGkk+8qc8On18iiDoA1PdxGdQI
Score

10^/10

discovery evasion execution persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Creates new service(s)
  persistence execution
- Stops running service(s)
  evasion execution
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

discoveryevasionexecutionpersistence