27b5236bdb2341aa1cbed8103e2b2109835d289634433ed55fa5e2e14d6f7b2f | Triage

Sharing

General

Target

27b5236bdb2341aa1cbed8103e2b2109835d289634433ed55fa5e2e14d6f7b2f.exe
Size

1.1MB
Sample

241120-nw3qls1kcn
MD5

0f96cef0004278ac7445954df3ebfc22
SHA1

8cc2aa5d9f54002b4e418dfc1a3896499efd4db9
SHA256

27b5236bdb2341aa1cbed8103e2b2109835d289634433ed55fa5e2e14d6f7b2f
SHA512

c2b1425f95eb7bcfaf02479fdeaf8fe040e6c47dae6b50717f116524e1f683524500fbb0ba6c48287ebe88e6b1a0c13c0d44c1f51fd5b93a6a2275510ea9928d
SSDEEP

24576:BYSR+7YTYhIYWemW7jyExSYO3Al7Zg7fnaTT9ppmdwWv:BHrT0vmujDST3Hfnwy7

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  27b5236bdb2341aa1cbed8103e2b2109835d289634433ed55fa5e2e14d6f7b2f.exe
- Size
  
  1.1MB
- MD5
  
  0f96cef0004278ac7445954df3ebfc22
- SHA1
  
  8cc2aa5d9f54002b4e418dfc1a3896499efd4db9
- SHA256
  
  27b5236bdb2341aa1cbed8103e2b2109835d289634433ed55fa5e2e14d6f7b2f
- SHA512
  
  c2b1425f95eb7bcfaf02479fdeaf8fe040e6c47dae6b50717f116524e1f683524500fbb0ba6c48287ebe88e6b1a0c13c0d44c1f51fd5b93a6a2275510ea9928d
- SSDEEP
  
  24576:BYSR+7YTYhIYWemW7jyExSYO3Al7Zg7fnaTT9ppmdwWv:BHrT0vmujDST3Hfnwy7
Score

10^/10

discovery persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence