d7737947b934ec2b5f21190c7d7e72871d715b9528988bccb7ef6211bec4c843 | Triage

Sharing

General

Target

MfFgzT
Size

512B
Sample

240919-hjlcxawakf
MD5

57292c5b5933fa957d77b4443d5e2947
SHA1

c51ae5797a024b2d4c803dfc815841aadff2929e
SHA256

d7737947b934ec2b5f21190c7d7e72871d715b9528988bccb7ef6211bec4c843
SHA512

411dfd63f1cb8591af5f4abc123a1ea48301222477ca22dd71e8a9d90e01e22b1ba2ad17c473cff27b5424977b58fa4ab60a792e9bd3b2bd42ea7966cdccacf1

Score

7^/10

defense_evasion discovery execution privilege_escalation

Malware Config

Targets

- Target
  
  MfFgzT
- Size
  
  512B
- MD5
  
  57292c5b5933fa957d77b4443d5e2947
- SHA1
  
  c51ae5797a024b2d4c803dfc815841aadff2929e
- SHA256
  
  d7737947b934ec2b5f21190c7d7e72871d715b9528988bccb7ef6211bec4c843
- SHA512
  
  411dfd63f1cb8591af5f4abc123a1ea48301222477ca22dd71e8a9d90e01e22b1ba2ad17c473cff27b5424977b58fa4ab60a792e9bd3b2bd42ea7966cdccacf1
Score

7^/10

defense_evasion discovery execution privilege_escalation
- Executes dropped EXE
- Checks for any installed AV software in registry
- Hide Artifacts: Hidden Window
  Windows that would typically be displayed when an application carries out an operation can be hidden.
  defense_evasion
- Command and Scripting Interpreter: PowerShell
  Start PowerShell.
  execution
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Access Token Manipulation

Create Process with Token

Defense Evasion

Access Token Manipulation

Create Process with Token

Hide Artifacts

Hidden Window

Credential Access

Discovery

Browser Information Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionprivilege_escalation

behavioral2