97908f93a4305247578983906ca3e34652d891af1a1efca7579a762a1f5da6ad | Triage

Sharing

General

Target

97908f93a4305247578983906ca3e34652d891af1a1efca7579a762a1f5da6ad
Size

12.9MB
Sample

241120-ekrpja1epp
MD5

fe8801edc37bcc3c4eefed207f96ba4a
SHA1

2c50d8f7e3796846cfd61f9eff906231d1adfcf9
SHA256

97908f93a4305247578983906ca3e34652d891af1a1efca7579a762a1f5da6ad
SHA512

ae9e59d6163b02958728cfa0f327b00037cb135a7eeed9c91d6c21667a814eb26ed92b8b65055b53ef470870bbca3ab5a079744e2e637c6e282dff7a06368d07
SSDEEP

196608:6Osa1sTaXS0wWMx87/T9sZOZvcoxc0ypKMHqDdiFZrGG5gEezUY+Fz5UFqc5efoT:6W1spjK/T6mvco8sTDIvX5rezoeYvjYF

Score

6^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  T1_软件包_1.0.9.msi
- Size
  
  14.3MB
- MD5
  
  ff2157d97d849d3bf67fd86d031662bc
- SHA1
  
  6310d810f1702177e11029990d1d1441f1b2c562
- SHA256
  
  442ab408377978c7d86bc9cb5fd566cac22ad2285a66a64fd173e155d7318abc
- SHA512
  
  90e699632d610f38573a77b462d43e04af4e69fd8a7772579dbfc09e8187eaedf1b39353e652a81f60177a12fc41e6baa67b8e9e4b574c5e379544890dbdda2b
- SSDEEP
  
  196608:j3KNfuUZj2vtrAZhVXQQv0sOAeym0a2uXRjoYSS3noSC:ON5jOSVXQM0sOAewhOBX
Score

6^/10

persistence privilege_escalation
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation