ed11a1720faafbb6e931be84e0159e6f57886ccc928e9c1bf007b4c6bf2c4d2b | Triage

Sharing

General

Target

ed11a1720faafbb6e931be84e0159e6f57886ccc928e9c1bf007b4c6bf2c4d2b.iso
Size

76KB
Sample

241120-edagnszdrg
MD5

80b5f7eaba74d8d03bdb37e4d2fa3646
SHA1

f12b66daf42c7b886e258a91a507b22ff1a0eb9d
SHA256

ed11a1720faafbb6e931be84e0159e6f57886ccc928e9c1bf007b4c6bf2c4d2b
SHA512

987b82192e52f5f49a62d64aee8e0cebac29842c5366ad72e4132898e29ad745f3643e10a5aa0364e0bd7d0083c98a236c21f9ffb2ed716910d5fb5efe6b7deb
SSDEEP

192:X9q/z/Yk+pxEnFgA/Wh764JziWHCEvNesGIN:X9Q8vpxEnFgf76UvvNesJ

Score

10^/10

discovery

Malware Config

Targets

- Target
  
  OCBC.PaymentAdvice.pdf.exe
- Size
  
  25KB
- MD5
  
  3b545f7f4f5f5ae844a1743a51877f45
- SHA1
  
  5f423addc5664d4706a7bc1929e2f824848b12a6
- SHA256
  
  104b35f5d9c703f0c6b45ce79ec5c7023bf33681c303855ea03ceff56786dcef
- SHA512
  
  2b509774413dcb03fc83a82a20039d52f18b769ee83d21c7789628fe3967321479f6b6b11e5fb39740687d9763052188a0ced296679402d7e3f7dd4e449ac10e
- SSDEEP
  
  192:8/z/Yk+pxEnFgA/Wh764JziWHCEvNesGIN:q8vpxEnFgf76UvvNesJ
Score

10^/10

discovery
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2