ab0ca1d93238d0efc02a41a7b311efe3fc07c042f22d0608d33ea5313a667e55 | Triage

Sharing

General

Target

ab0ca1d93238d0efc02a41a7b311efe3fc07c042f22d0608d33ea5313a667e55
Size

660KB
Sample

240820-pbh15svdjk
MD5

8083fed730e151bf47528621db8e7ff8
SHA1

4ab5e2eb5c6326fd68704cdc5a4f719d332f51a6
SHA256

ab0ca1d93238d0efc02a41a7b311efe3fc07c042f22d0608d33ea5313a667e55
SHA512

a36f22356558565a90107f3618d9d9ac8a20da73616aa97a87d3ea41c8f444847a6bb56856feae87a1ca5c6cc748bf6ce1c43d5e348dd9ea80cdd3c3dbd0d47b
SSDEEP

12288:nQZ3hb7F0Rz5oquPojKv3rLMmVIhF2nde4S9MQfh0/Al2B4KtFejEqhPBBl0:G8zOFPOKzLM0k4dQf2B1E4q5Bs

Score

8^/10

execution

Malware Config

Targets

- Target
  
  ab0ca1d93238d0efc02a41a7b311efe3fc07c042f22d0608d33ea5313a667e55
- Size
  
  660KB
- MD5
  
  8083fed730e151bf47528621db8e7ff8
- SHA1
  
  4ab5e2eb5c6326fd68704cdc5a4f719d332f51a6
- SHA256
  
  ab0ca1d93238d0efc02a41a7b311efe3fc07c042f22d0608d33ea5313a667e55
- SHA512
  
  a36f22356558565a90107f3618d9d9ac8a20da73616aa97a87d3ea41c8f444847a6bb56856feae87a1ca5c6cc748bf6ce1c43d5e348dd9ea80cdd3c3dbd0d47b
- SSDEEP
  
  12288:nQZ3hb7F0Rz5oquPojKv3rLMmVIhF2nde4S9MQfh0/Al2B4KtFejEqhPBBl0:G8zOFPOKzLM0k4dQf2B1E4q5Bs
Score

8^/10

execution
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2