b3688db852d9a57834ef758cd54a9507fad2de1854a2faed23bda53411000383 | Triage

Resubmissions

15-09-2024 09:12

240915-k6lnaswcrc 9

15-09-2024 09:10

240915-k47srawcla 9

Sharing

General

Target

patch.exe
Size

4.8MB
Sample

240915-k6lnaswcrc
MD5

ff4bc7a206b856502dd647e94dec5c8f
SHA1

4a3d0e4fb6fb2a7ac633a288a0d2ce8f14286cda
SHA256

b3688db852d9a57834ef758cd54a9507fad2de1854a2faed23bda53411000383
SHA512

f93170b9fe1b06e9c48a255bede5a1150e8125d09d6c5d1fe8438525b40b648f8bcb86a79d3453d6f45f4392cc946214088ac3aa24ee298ff36579f22da1c1cc
SSDEEP

98304:8L1CNqRBQsRE+Mv2RJlmQJu6A3ty6gVLPysH:81H42RJs+ODzY

Score

9^/10

discovery persistence

Malware Config

Targets

- Target
  
  patch.exe
- Size
  
  4.8MB
- MD5
  
  ff4bc7a206b856502dd647e94dec5c8f
- SHA1
  
  4a3d0e4fb6fb2a7ac633a288a0d2ce8f14286cda
- SHA256
  
  b3688db852d9a57834ef758cd54a9507fad2de1854a2faed23bda53411000383
- SHA512
  
  f93170b9fe1b06e9c48a255bede5a1150e8125d09d6c5d1fe8438525b40b648f8bcb86a79d3453d6f45f4392cc946214088ac3aa24ee298ff36579f22da1c1cc
- SSDEEP
  
  98304:8L1CNqRBQsRE+Mv2RJlmQJu6A3ty6gVLPysH:81H42RJs+ODzY
Score

9^/10

discovery persistence
- Detected Nirsoft tools
  Free utilities often used by attackers which can steal passwords, product keys, etc.
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence