5ed9fba25533a9f8302ca94381841f832b17880f9b7cf6da1cbcd1a1a439183f | Triage

Sharing

General

Target

5ed9fba25533a9f8302ca94381841f832b17880f9b7cf6da1cbcd1a1a439183f.exe
Size

1.7MB
Sample

240920-br7gsa1fqc
MD5

2bc092cb35ec5ebbc91e3c51638c98f0
SHA1

9600adb6a5d9cfb8a0dff5193e3cd4d12c201974
SHA256

5ed9fba25533a9f8302ca94381841f832b17880f9b7cf6da1cbcd1a1a439183f
SHA512

baae716296aa02d80e5c01d57b98491a7e73ead06702fa7dee43caef9855ddb6cb46778070bd6030f819c95b71d529285b79f39c3d092c17ba6cefd65bd24046
SSDEEP

49152:9ql8HT3DOOR3yAYLDsQjPeGzS4fm1GYc/v/o0Yvv1dgs:9ql8HTiQCxpj2GO+H3ApPg

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  5ed9fba25533a9f8302ca94381841f832b17880f9b7cf6da1cbcd1a1a439183f.exe
- Size
  
  1.7MB
- MD5
  
  2bc092cb35ec5ebbc91e3c51638c98f0
- SHA1
  
  9600adb6a5d9cfb8a0dff5193e3cd4d12c201974
- SHA256
  
  5ed9fba25533a9f8302ca94381841f832b17880f9b7cf6da1cbcd1a1a439183f
- SHA512
  
  baae716296aa02d80e5c01d57b98491a7e73ead06702fa7dee43caef9855ddb6cb46778070bd6030f819c95b71d529285b79f39c3d092c17ba6cefd65bd24046
- SSDEEP
  
  49152:9ql8HT3DOOR3yAYLDsQjPeGzS4fm1GYc/v/o0Yvv1dgs:9ql8HTiQCxpj2GO+H3ApPg
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence