2b6e0e19053485b5ee0b0f7e5cd2deb383d71d8dd38ff91464d906ccf28eb74e | Triage

Resubmissions

28-11-2024 14:20

241128-rnfgwszndw 8

28-11-2024 14:18

241128-rmdxnswjgp 3

Sharing

General

Target

26d76f5d90188a9461bed041e372975875208394e16963a26b8404e240cfa5ac.zip
Size

35KB
Sample

241128-rnfgwszndw
MD5

9c4187f65f4d6dade38ebf7c0454e9c1
SHA1

d5d3aaa4627ae9cd9e715233ae5e860c473ce5c5
SHA256

2b6e0e19053485b5ee0b0f7e5cd2deb383d71d8dd38ff91464d906ccf28eb74e
SHA512

3abee88db484add69ce103448ccb411326ba02dd943df8b5d831fe6273124eb22cfc661da1e9279bd2c55b6d1f296ee49ad7d9757f513dee56fe47c91b7b82e6
SSDEEP

768:TveKy8W8MgAIRq8F8/RSNTb5hP+GxtmBNkt7oknttMfjZC9B0F9y0y7oOGfwF:TveD8UCEANBhmG+G/MflC9B0F01UOGoF

Score

8^/10

microsoft defense_evasion discovery persistence phishing

Malware Config

Targets

- Target
  
  26d76f5d90188a9461bed041e372975875208394e16963a26b8404e240cfa5ac
- Size
  
  111KB
- MD5
  
  4ed926df707a900c5a186a98b8d57661
- SHA1
  
  88886952440bbd9aae13c9c0c7ac2918fd204503
- SHA256
  
  26d76f5d90188a9461bed041e372975875208394e16963a26b8404e240cfa5ac
- SHA512
  
  b6deb3a26148b23fcbe2f7fbff10c4b24889633d60a3e5f0e869199e2a90d6215e6e5e99a4e43b849386ad2e99634bf240aceb9d809492f4f3137a1d3274f242
- SSDEEP
  
  1536:1+ReV/YEphjIdA5/huIMaAfaFVk69IJ88hvAqL/a4tCTXFL9G+K/aa3sZLP:ZRnR0adCvAqL/a4tiLw7Z3
Score

8^/10

discovery microsoft defense_evasion persistence phishing
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

microsoftdefense_evasiondiscoverypersistencephishing