General
- Target: 059bd08260905484376ecf615422f332c0bb85c50d46bd72db2ef582cd416ee5
- Size: 5.8MB
- Sample: 240915-ltlm7sxdne
- MD5: 54412b71ea7131807f7deb790419b599
- SHA1: 601bd3f38ad8ef4a40ec3f7a05335ff65c8d24e9
- SHA256: 059bd08260905484376ecf615422f332c0bb85c50d46bd72db2ef582cd416ee5
- SHA512: 3622035afd091ef8fbfc79b56c8a05c81470c6ca01c1ab3d596f6d3acffcb5d725484ed0e321dbed4900b6f4811316234266a72cc2849eba218114f464d786c3
- SSDEEP: 98304:Dab1BTT+LfX6NrYkF3kxM4P5wPgyAqohJ8NJxmwAlicL3dRgGjCI/tx:DM9TH9F3OM4POIyAqglD3dRgG+I
Static task
- static1
Behavioral task
- behavioral1: Sample 059bd08260905484376ecf615422f332c0bb85c50d46bd72db2ef582cd416ee5.exe, Resource win10v2004-20240802-en
Behavioral task
- behavioral2: Sample 059bd08260905484376ecf615422f332c0bb85c50d46bd72db2ef582cd416ee5.exe, Resource win11-20240802-en
Malware Config
Targets
- Target: 059bd08260905484376ecf615422f332c0bb85c50d46bd72db2ef582cd416ee5 (Size 5.8MB; hashes as listed under General)
Score: 10/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell. Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.
- Executes dropped EXE
- Indicator Removal: Clear Windows Event Logs. Clears Windows Event Logs to hide the activity of an intrusion.
- Drops file in System32 directory
- Suspicious use of SetThreadContext