1dd302d638ae4beb47b594b5d84747e1f5b208a39aec063a99b573751e71582e | Triage

Sharing

General

Target

1dd302d638ae4beb47b594b5d84747e1f5b208a39aec063a99b573751e71582e.exe
Size

1.7MB
Sample

240920-bhxk8a1fjq
MD5

22c6ca5009da8ba6aa3ce56804d555d2
SHA1

d27b8ff92db538101b17fa473950fb3aea553acf
SHA256

1dd302d638ae4beb47b594b5d84747e1f5b208a39aec063a99b573751e71582e
SHA512

5f0b6e60bc41f4d86e808f13ac818d5982a106d7b92b76ee299eb62e1ef32b6516e4d69452edd77a1e0ae26cf7820f0c3bd7018799f44fce7dd57423982f0338
SSDEEP

49152:V6J/WsBWHqVFoeWjCpSvswKBHohHoOFM2RndY:q/WuWwoe6CEvsvBIhHoD2Rd

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  1dd302d638ae4beb47b594b5d84747e1f5b208a39aec063a99b573751e71582e.exe
- Size
  
  1.7MB
- MD5
  
  22c6ca5009da8ba6aa3ce56804d555d2
- SHA1
  
  d27b8ff92db538101b17fa473950fb3aea553acf
- SHA256
  
  1dd302d638ae4beb47b594b5d84747e1f5b208a39aec063a99b573751e71582e
- SHA512
  
  5f0b6e60bc41f4d86e808f13ac818d5982a106d7b92b76ee299eb62e1ef32b6516e4d69452edd77a1e0ae26cf7820f0c3bd7018799f44fce7dd57423982f0338
- SSDEEP
  
  49152:V6J/WsBWHqVFoeWjCpSvswKBHohHoOFM2RndY:q/WuWwoe6CEvsvBIhHoD2Rd
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence