faf6dd2652f889431407df47b973dcdfa1d4c790bead60e75b123ea8964cb36e | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Anmerkung ...11.png

windows11-21h2-x64

8

Resubmissions

01-12-2024 00:18

241201-al5wbsvkcr 8

01-12-2024 00:16

241201-akx44azme1 10

30-11-2024 23:57

241130-3zr6lstqdl 8

Sharing

General

Target

Anmerkung 2024-01-18 231511.png
Size

321KB
Sample

241201-al5wbsvkcr
MD5

921e48fd77add10603c4b4fa4833b3b1
SHA1

702e4a5887419373aeee0db9e41887d52d796bb3
SHA256

faf6dd2652f889431407df47b973dcdfa1d4c790bead60e75b123ea8964cb36e
SHA512

116bb75bde4c692e98cc0735694edb2e0f90b7ed397753b8481a2747fce8bcf43b221d8e955a95941df588091d853214a10c4a347aa798ac60f046cc11ec6a7d
SSDEEP

6144:3iAw0Kz4kgawmXR7RYTwX7DprHlk5+kF1+4TXTYPyNmUZyzeCzGYGfKJrTpWqaJw:XSprXR9Y0FHlk4krFTXMyNmUgiCzGYGw

Score

8^/10

defense_evasion discovery execution motw phishing

Static task

static1

Behavioral task

behavioral1

Sample

Anmerkung 2024-01-18 231511.png

Resource

win11-20241007-en

defense_evasion discovery execution motw phishing

windows11-21h2-x64

40 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Anmerkung 2024-01-18 231511.png
- Size
  
  321KB
- MD5
  
  921e48fd77add10603c4b4fa4833b3b1
- SHA1
  
  702e4a5887419373aeee0db9e41887d52d796bb3
- SHA256
  
  faf6dd2652f889431407df47b973dcdfa1d4c790bead60e75b123ea8964cb36e
- SHA512
  
  116bb75bde4c692e98cc0735694edb2e0f90b7ed397753b8481a2747fce8bcf43b221d8e955a95941df588091d853214a10c4a347aa798ac60f046cc11ec6a7d
- SSDEEP
  
  6144:3iAw0Kz4kgawmXR7RYTwX7DprHlk5+kF1+4TXTYPyNmUZyzeCzGYGfKJrTpWqaJw:XSprXR9Y0FHlk4krFTXMyNmUgiCzGYGw
Score

8^/10

defense_evasion discovery execution motw phishing
- Blocklisted process makes network request
- Contacts a large (690) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Downloads MZ/PE file
- A potential corporate email address has been identified in the URL: currency-file@1
  phishing
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Mark of the Web detected: This indicates that the page was originally saved or cloned.
  phishing motw
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionmotwphishing

© 2018-2024

Terms | Privacy