245ba0351080ccf876cbc8458ea9c656ba0ed0a7cfee34a1775df1d22f27a26b | Triage

Sharing

General

Target

48e40980c5b46894f2558b4c64a8ba10N
Size

137KB
Sample

240911-3rwh3azdpd
MD5

48e40980c5b46894f2558b4c64a8ba10
SHA1

a08f4a13f6f406694c59cf58928afdcf2b63bfb1
SHA256

245ba0351080ccf876cbc8458ea9c656ba0ed0a7cfee34a1775df1d22f27a26b
SHA512

198d6d01ac3977c00ad61ecbd366dc541bfbdaf9a693354b7e8d3e0612d8e9b4f7767f1c2ea3fc842aad7d632321c9a1faaa37aa9f49aafe230513d473e10132
SSDEEP

3072:ER02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuo:h25GgFny61mraK

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  48e40980c5b46894f2558b4c64a8ba10N
- Size
  
  137KB
- MD5
  
  48e40980c5b46894f2558b4c64a8ba10
- SHA1
  
  a08f4a13f6f406694c59cf58928afdcf2b63bfb1
- SHA256
  
  245ba0351080ccf876cbc8458ea9c656ba0ed0a7cfee34a1775df1d22f27a26b
- SHA512
  
  198d6d01ac3977c00ad61ecbd366dc541bfbdaf9a693354b7e8d3e0612d8e9b4f7767f1c2ea3fc842aad7d632321c9a1faaa37aa9f49aafe230513d473e10132
- SSDEEP
  
  3072:ER02WMK8RJGInTlhnaBanONVk40rpg4yeF/TyUGSK9FrafcUksPxx6iTUuo:h25GgFny61mraK
Score

8^/10

discovery persistence
- Boot or Logon Autostart Execution: Port Monitors
  Adversaries may use port monitors to run an adversary supplied DLL during system boot for persistence or privilege escalation.
  persistence
- Sets service image path in registry
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Port Monitors

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Port Monitors

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence