309f02cee7d24d73ac7aba5671a0fd41b3aa9807e935fb14e5ee441dd9433a42 | Triage

Sharing

General

Target

309f02cee7d24d73ac7aba5671a0fd41b3aa9807e935fb14e5ee441dd9433a42N
Size

250KB
Sample

241004-slznesvfld
MD5

fcd3a9f2c7b002caf8c38e9cf3538880
SHA1

4ef8b2fc3827ff326439c7aa644279720b2c8635
SHA256

309f02cee7d24d73ac7aba5671a0fd41b3aa9807e935fb14e5ee441dd9433a42
SHA512

40f7905ae8578711996cb3de95e0906779d41e4b9e2ccf3af15f622a74d96c00f8185150d19ef9020de4a867afd1971208162879263f7771b700c1801b94aba8
SSDEEP

6144:oxZ3ZqXwFH59B1vpAsINVDK3J8ZT8wYM+6k6fLePUDdFMH8/dno:orZDZRV2OZ8trB+6hf5dr/O

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  309f02cee7d24d73ac7aba5671a0fd41b3aa9807e935fb14e5ee441dd9433a42N
- Size
  
  250KB
- MD5
  
  fcd3a9f2c7b002caf8c38e9cf3538880
- SHA1
  
  4ef8b2fc3827ff326439c7aa644279720b2c8635
- SHA256
  
  309f02cee7d24d73ac7aba5671a0fd41b3aa9807e935fb14e5ee441dd9433a42
- SHA512
  
  40f7905ae8578711996cb3de95e0906779d41e4b9e2ccf3af15f622a74d96c00f8185150d19ef9020de4a867afd1971208162879263f7771b700c1801b94aba8
- SSDEEP
  
  6144:oxZ3ZqXwFH59B1vpAsINVDK3J8ZT8wYM+6k6fLePUDdFMH8/dno:orZDZRV2OZ8trB+6hf5dr/O
Score

7^/10

discovery persistence
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence