f4c17504abefb71eb0c21d022a9dfb11e6a7ce58e0f281ce0138de76d570b9dc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ThemeTool.exe
Size

273KB
Sample

240908-n5wcwsvcqj
MD5

cf5b19012a76c5a8d96da64533dd3bfc
SHA1

1638ab13060dba24dd71585169fa1fc4e3864b29
SHA256

f4c17504abefb71eb0c21d022a9dfb11e6a7ce58e0f281ce0138de76d570b9dc
SHA512

1c3642b7ed51a8f00bc7fbc41e1602f24cdd9773004f5547b9be7e756c2cd6897cf8d3e69aff1b57591949613e76c7fc8dd7719ee4c8c247d87b173376204aa4
SSDEEP

6144:xHq9dSA0lmZS1dbG1pEYWb+H8rFUJpzRlqOyGL:lqx0lmZS1RVbNhOyw

Score

8^/10

defense_evasion discovery persistence

Malware Config

Targets

- Target
  
  ThemeTool.exe
- Size
  
  273KB
- MD5
  
  cf5b19012a76c5a8d96da64533dd3bfc
- SHA1
  
  1638ab13060dba24dd71585169fa1fc4e3864b29
- SHA256
  
  f4c17504abefb71eb0c21d022a9dfb11e6a7ce58e0f281ce0138de76d570b9dc
- SHA512
  
  1c3642b7ed51a8f00bc7fbc41e1602f24cdd9773004f5547b9be7e756c2cd6897cf8d3e69aff1b57591949613e76c7fc8dd7719ee4c8c247d87b173376204aa4
- SSDEEP
  
  6144:xHq9dSA0lmZS1dbG1pEYWb+H8rFUJpzRlqOyGL:lqx0lmZS1RVbNhOyw
Score

8^/10

defense_evasion discovery persistence
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Loads dropped DLL
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Indicator Removal

Clear Persistence

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence