General
- Target: c96a43db0abf02b0db8ca6efc658dc38.exe
- Size: 1.1MB
- Sample: 241107-3tey4azhnm
- MD5: c96a43db0abf02b0db8ca6efc658dc38
- SHA1: a7c1b56d517d66e054e17c6cbd54bb3f1eafab8d
- SHA256: e407a38eed731274df47ae9255e471e6c1eadee50a786f93108d177d932f1172
- SHA512: 6a607ee81d5fa7837643402c9c1d657dea5f0e819b64731f92bf72383d416d6e219520f15e8fb6fd5531fb0b7a1464b80ec30f9699b4304863b276cc2831ff8a
- SSDEEP: 24576:BrORE29TTVx8aBRd1h1orq+GWE0Jc5bDTj1Vyv9TvaT+DCfkPY:B2EYTb8atv1orq+pEiSDTj1VyvBaTJkQ
Static task
- static1
Behavioral task
- behavioral1: sample c96a43db0abf02b0db8ca6efc658dc38.exe, resource win7-20241010-en
Behavioral task
- behavioral2: sample c96a43db0abf02b0db8ca6efc658dc38.exe, resource win10v2004-20241007-en
Malware Config
Extracted
- URL: https://my.cloudme.com/v1/ws2/:slight-stood/:web/web.txt
Targets
- Target: c96a43db0abf02b0db8ca6efc658dc38.exe (size 1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Score: 10/10
Signatures
- Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with an explicitly chosen parent, the pattern behind parent PID spoofing)
- Blocklisted process makes network request
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook accounts
- Accesses Microsoft Outlook profiles
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Suspicious use of SetThreadContext (rewriting another thread's context is the usual final step of process hollowing or thread hijacking)
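The hashes, the extracted URL and the behaviours listed above are the indicators a responder would actually search for on other hosts. The script below is an added example, not code from the sandbox page: it takes the report's own hashes and config URL, plus two assumed telemetry patterns for the "Checks installed software" and "Drops startup file" behaviours (the registry path and the Startup folder path are my assumptions, not something the report states), and runs them over a constructed, Sysmon-like JSON event log. The event schema and every event line are made up for this example.

```python
"""Hunt for the report's indicators in host telemetry.

Added example, not code from the sandbox page. The hashes and URL are the
report's own; the event schema and the sample log are constructed for this
example and only loosely resemble Sysmon fields.
"""
import json
import re
from urllib.parse import urlparse

# Indicators copied from the report above.
IOC_MD5 = "c96a43db0abf02b0db8ca6efc658dc38"
IOC_SHA256 = "e407a38eed731274df47ae9255e471e6c1eadee50a786f93108d177d932f1172"
IOC_CONFIG_URL = "https://my.cloudme.com/v1/ws2/:slight-stood/:web/web.txt"
IOC_CONFIG_HOST = urlparse(IOC_CONFIG_URL).hostname  # "my.cloudme.com"

# How two of the reported behaviours are assumed to appear in telemetry
# (assumption for this example; the report names the behaviour, not the path).
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)


def parse_hashes(field):
    """Split a Sysmon-style 'MD5=..,SHA256=..' string into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def classify(event):
    """Return the rule names a single event matches (empty list = no match)."""
    hits = []
    kind = event.get("type")
    if kind == "process":
        hashes = parse_hashes(event.get("hashes", ""))
        if hashes.get("MD5") == IOC_MD5 or hashes.get("SHA256") == IOC_SHA256:
            hits.append("known_sample_hash")
    elif kind == "network":
        if (event.get("dest_host") or "").lower() == IOC_CONFIG_HOST:
            hits.append("config_host_contact")
    elif kind == "registry":
        if UNINSTALL_KEY_RE.search(event.get("target", "")):
            hits.append("uninstall_key_enumeration")
    elif kind == "file":
        if STARTUP_DIR_RE.search(event.get("path", "")):
            hits.append("startup_folder_drop")
    return hits


def hunt(lines):
    """Parse JSON-per-line events and return (event, rule) pairs that matched."""
    matches = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for rule in classify(event):
            matches.append((event, rule))
    return matches


def summarize(lines):
    """Count matches per rule, the quick 'how bad is this host' view."""
    counts = {}
    for _, rule in hunt(lines):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


# Constructed sample telemetry: six made-up events, four of which should fire.
SAMPLE_LOG = r"""
{"type": "process", "image": "C:\\Users\\alice\\Desktop\\c96a43db0abf02b0db8ca6efc658dc38.exe", "hashes": "MD5=C96A43DB0ABF02B0DB8CA6EFC658DC38,SHA256=E407A38EED731274DF47AE9255E471E6C1EADEE50A786F93108D177D932F1172"}
{"type": "network", "image": "C:\\Users\\alice\\Desktop\\c96a43db0abf02b0db8ca6efc658dc38.exe", "dest_host": "my.cloudme.com", "dest_port": 443}
{"type": "registry", "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"type": "file", "path": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe"}
{"type": "process", "image": "C:\\Windows\\System32\\notepad.exe", "hashes": "MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"type": "network", "image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "dest_host": "www.mozilla.org", "dest_port": 443}
"""

if __name__ == "__main__":
    for event, rule in hunt(SAMPLE_LOG.splitlines()):
        print(f"{rule:26s} {json.dumps(event)}")
```

Two caveats when turning this into a real hunt. The config host is a legitimate file-hosting service, so a hit on the hostname alone is weak evidence; correlate it with the originating process, or match on the full URL path at a proxy that logs it. And Sysmon does not record registry reads, only key and value writes, so the Uninstall-key rule only works against telemetry that captures object access (for example Windows Security object-access auditing with a SACL on that key, or an EDR that logs registry queries).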
MITRE ATT&CK Enterprise v15 (number after each technique is the count of matching signatures)
Defense Evasion
- Modify Registry: 1
- Subvert Trust Controls: 1
  - Install Root Certificate: 1
Credential Access
- Credentials from Password Stores: 1
  - Credentials from Web Browsers: 1
- Unsecured Credentials: 2
  - Credentials In Files: 1
  - Credentials in Registry: 1