General

  • Target

    3bc8I

  • Size

    7KB

  • Sample

    241121-qh6apasald

  • MD5

    8f686d4f90fb93d8d90fb8f818c05c62

  • SHA1

    ddb3044b048d026fa0d8540a4c606d6c302b5e37

  • SHA256

    88a1a1f09906b7501ea44d53c5583cb4a151cd4a47bd343c8d57f0877a526241

  • SHA512

    8262149b1a4282da3377b110885ed5e12f5fb5a1260450912b054fbc7c00672484c49bd59004eae7d29ac5ce75e16ee444d5e803b8d3c73c7c58b42f7429a3ca

  • SSDEEP

    192:PN2x2BsBm5oZRFR7seoIMfjlvWwKZZ8yWhN:AxDaEFFrQRigN

Score
10/10

Malware Config

Targets

    • Target

      3bc8I

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks