96c7d1d5dab0c8060f3220816e3e49461ef328643d520545ffc8aa05ddd76760 | Triage

Sharing

General

Target

Winsvc.exe
Size

1.6MB
Sample

241120-vwnp1s1anp
MD5

3e4461418de7a12e7951ccf51fe4d4d3
SHA1

d7332419080c1a8eaef111439feb71bda300a1d3
SHA256

96c7d1d5dab0c8060f3220816e3e49461ef328643d520545ffc8aa05ddd76760
SHA512

b01982718c3f62059f086c3274f9f8d1c98bbb9bcc187bfa466b369d08818cd2fe06e0949256eddbfd6f26b3fd5428ea8008d49adf6f233282f08c8dce4e9553
SSDEEP

24576:9sRgQPPLVkiouiRjaMkVRu9JS70cJscGh6U8mEGKacNpVAADNi5GeZTOjo:9sV3LGjpkVIJunw98mTKfVAyNioSTO

Score

10^/10

Malware Config

Targets

- Target
  
  Winsvc.exe
- Size
  
  1.6MB
- MD5
  
  3e4461418de7a12e7951ccf51fe4d4d3
- SHA1
  
  d7332419080c1a8eaef111439feb71bda300a1d3
- SHA256
  
  96c7d1d5dab0c8060f3220816e3e49461ef328643d520545ffc8aa05ddd76760
- SHA512
  
  b01982718c3f62059f086c3274f9f8d1c98bbb9bcc187bfa466b369d08818cd2fe06e0949256eddbfd6f26b3fd5428ea8008d49adf6f233282f08c8dce4e9553
- SSDEEP
  
  24576:9sRgQPPLVkiouiRjaMkVRu9JS70cJscGh6U8mEGKacNpVAADNi5GeZTOjo:9sV3LGjpkVIJunw98mTKfVAyNioSTO
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops startup file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4