a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6 | Triage

Submit
Reports

Overview

overview

Static

static

3

a48e4c9ca0...b6.exe

windows7-x64

a48e4c9ca0...b6.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6.exe
Size

9.1MB
Sample

240821-ff9j8a1are
MD5

05faaa16e93b89eac5f58ca9d7bb0530
SHA1

289ceb53db0cd28e259d398df04eebfe62563dcd
SHA256

a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6
SHA512

f371bb76f4718f54e4485b5bcc5df49fa25afcf4d7da0af4a96ab3ffd4e3d818e2093eb0c946613f4c9028e3269b9c8e843f5ee59dc85e7209e9c3b4079b1254
SSDEEP

196608:EdBFFhL/RErGO/zcepY3EDhKRuJZYYE1H/0zRS:MBFFhL/RErGO4eMJ4JZY/Mz

Score

10^/10

defense_evasion discovery evasion execution

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6.exe

Resource

win7-20240704-en

discovery evasion execution

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6.exe

Resource

win10v2004-20240802-en

defense_evasion discovery execution

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6.exe
- Size
  
  9.1MB
- MD5
  
  05faaa16e93b89eac5f58ca9d7bb0530
- SHA1
  
  289ceb53db0cd28e259d398df04eebfe62563dcd
- SHA256
  
  a48e4c9ca04b69eef5063ee39170dbf7fb5d2647c4a27b988e28ad52c24aedb6
- SHA512
  
  f371bb76f4718f54e4485b5bcc5df49fa25afcf4d7da0af4a96ab3ffd4e3d818e2093eb0c946613f4c9028e3269b9c8e843f5ee59dc85e7209e9c3b4079b1254
- SSDEEP
  
  196608:EdBFFhL/RErGO/zcepY3EDhKRuJZYYE1H/0zRS:MBFFhL/RErGO4eMJ4JZY/Mz
Score

10^/10

discovery evasion execution defense_evasion
- Modifies security service
  evasion
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Looks for VirtualBox Guest Additions in registry
  evasion
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs
  Clear Windows Event Logs to hide the activity of an intrusion.
  defense_evasion
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Indicator Removal

Clear Windows Event Logs

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexecution

behavioral2

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy