98fb90047b2f9b8efc6b83cc33189f2c57a2daeff509796334f42b6579877c4f | Triage

Sharing

General

Target

ULMT Beta.exe
Size

163KB
Sample

241120-f6t78asjbz
MD5

86ee0143153b810ec3c831c82743c194
SHA1

934823e37048eba156f75e9ad19ec733e93c9edc
SHA256

98fb90047b2f9b8efc6b83cc33189f2c57a2daeff509796334f42b6579877c4f
SHA512

8746e51a2a67e22286b53e9d257eea2acf8a04cc810b6b8a4c089b12f3bb3834679bdb211b80d54790d1c7033b57770ace924369e355f307ac06cd2a1279526f
SSDEEP

3072:LahKyd2n31n5GWp1icKAArDZz4N9GhbkrNEk1crrgT:LahO/p0yN90QEk

Score

6^/10

execution persistence

Malware Config

Targets

- Target
  
  ULMT Beta.exe
- Size
  
  163KB
- MD5
  
  86ee0143153b810ec3c831c82743c194
- SHA1
  
  934823e37048eba156f75e9ad19ec733e93c9edc
- SHA256
  
  98fb90047b2f9b8efc6b83cc33189f2c57a2daeff509796334f42b6579877c4f
- SHA512
  
  8746e51a2a67e22286b53e9d257eea2acf8a04cc810b6b8a4c089b12f3bb3834679bdb211b80d54790d1c7033b57770ace924369e355f307ac06cd2a1279526f
- SSDEEP
  
  3072:LahKyd2n31n5GWp1icKAArDZz4N9GhbkrNEk1crrgT:LahO/p0yN90QEk
Score

6^/10

execution persistence
- Adds Run key to start application
  persistence
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

executionpersistence