General

  • Target

    ngvl.exe

  • Size

    1.5MB

  • Sample

    240823-jgeb9avaqk

  • MD5

    6df0b7e92a08fe937b571172d787086b

  • SHA1

    f598674686f0e072cb1350656288fd8b77398192

  • SHA256

    d2fb6a2d329b3ddf2f6c67744529043eb3396bcf72e0646dd9e8eb4f4533505d

  • SHA512

    1f868259337b8ba4d6e1d29d422f15c279726b26352b4fe43806bc310d5053d254e34ca2f987ebd3c17e179344a52935fa920826e0d6c7e152b6edb6c1d58a75

  • SSDEEP

    24576:tkdmXgbiJczOH14NmZVj7fvkJwpoDflHLwhxKn1CRntOZdshd5dI/0m0I/xtjAwX:d14NmZVHEJw8flHchkgoWbLI/xrx

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
