bc87fe928ae0192a255156c7d26ba9dd59b5553326f61c3fb2e855bfb68f7372 | Triage

Sharing

General

Target

bc87fe928ae0192a255156c7d26ba9dd59b5553326f61c3fb2e855bfb68f7372.exe
Size

1.7MB
Sample

241018-c3yjpasapg
MD5

6608143604c2ad3f19690fe0f9966e10
SHA1

6266e58782b866b84363aef7709d7f205a710335
SHA256

bc87fe928ae0192a255156c7d26ba9dd59b5553326f61c3fb2e855bfb68f7372
SHA512

c2cc3f50efd9a1f70b195dd8580ae7ab5bfbe43849f095e6ec4d2034360e252c4ea77b6740d34c3eb3d94b20a26c761c5db6e04d037e6d83d30a7553ee58e98a
SSDEEP

49152:/SzQnyRCV4g0FI25aUs0orSdGlDSHk27Eaq:Y2V4g0FI25a5WdGlDSHB

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  bc87fe928ae0192a255156c7d26ba9dd59b5553326f61c3fb2e855bfb68f7372.exe
- Size
  
  1.7MB
- MD5
  
  6608143604c2ad3f19690fe0f9966e10
- SHA1
  
  6266e58782b866b84363aef7709d7f205a710335
- SHA256
  
  bc87fe928ae0192a255156c7d26ba9dd59b5553326f61c3fb2e855bfb68f7372
- SHA512
  
  c2cc3f50efd9a1f70b195dd8580ae7ab5bfbe43849f095e6ec4d2034360e252c4ea77b6740d34c3eb3d94b20a26c761c5db6e04d037e6d83d30a7553ee58e98a
- SSDEEP
  
  49152:/SzQnyRCV4g0FI25aUs0orSdGlDSHk27Eaq:Y2V4g0FI25a5WdGlDSHB
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence