64be767713553d9381add65aa62e302691a86257c087ddbaccdf56f7b905cb31 | Triage

Sharing

General

Target

temp.exe
Size

2.7MB
Sample

241121-pclhnasfnk
MD5

80e3cf78b36403d94dc167fb157241a7
SHA1

990c00b029bb0006968d5ff970257793a94e5429
SHA256

64be767713553d9381add65aa62e302691a86257c087ddbaccdf56f7b905cb31
SHA512

7eaf50cd1a18a77737522d85084f7bca394ac7f2e6afdef96a0fbc47ba33c3d7d543d12ce8cc106203ffeb3c20bee63f099f7ca2817d9ba2ff821ae342c023ad
SSDEEP

49152:smuk6Flic1CcPANlX7c8TuQsRVg+HIbHczjzXThtYJtkE:+XCKfDNlsCE

Score

10^/10

discovery evasion persistence

Malware Config

Targets

- Target
  
  temp.exe
- Size
  
  2.7MB
- MD5
  
  80e3cf78b36403d94dc167fb157241a7
- SHA1
  
  990c00b029bb0006968d5ff970257793a94e5429
- SHA256
  
  64be767713553d9381add65aa62e302691a86257c087ddbaccdf56f7b905cb31
- SHA512
  
  7eaf50cd1a18a77737522d85084f7bca394ac7f2e6afdef96a0fbc47ba33c3d7d543d12ce8cc106203ffeb3c20bee63f099f7ca2817d9ba2ff821ae342c023ad
- SSDEEP
  
  49152:smuk6Flic1CcPANlX7c8TuQsRVg+HIbHczjzXThtYJtkE:+XCKfDNlsCE
Score

10^/10

discovery evasion persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence