f3cbb5d82cd929211283435c7dd79e7c853449ad23e7d4895b9fc0427759ba7f | Triage

Resubmissions

17/01/2025, 19:07

250117-xsph9a1jek 10

17/01/2025, 19:00

250117-xn3kbazqhk 10

Sharing

General

Target

filetest.bat
Size

7.9MB
Sample

250117-xn3kbazqhk
MD5

f88d18fc65296a1ed460e40a352e3045
SHA1

f6d9d94da2f11d0485ca057a057a06ac492bde8c
SHA256

f3cbb5d82cd929211283435c7dd79e7c853449ad23e7d4895b9fc0427759ba7f
SHA512

f193edd5c475040928e188b756d27ecb2f61ef6a1d7392bdb62e6d5bcdd5c37272849a298e9cc6265b5f67890881971ecf28f93e98edd90f6f536190999ed367
SSDEEP

49152:h4ANZ4/rNl/dichvhGpPK7kMes5mmCq/BWZHtPrBe7XTADqoh6EKQJS2H/WkTb/2:6

Score

10^/10

execution

Malware Config

Targets

- Target
  
  filetest.bat
- Size
  
  7.9MB
- MD5
  
  f88d18fc65296a1ed460e40a352e3045
- SHA1
  
  f6d9d94da2f11d0485ca057a057a06ac492bde8c
- SHA256
  
  f3cbb5d82cd929211283435c7dd79e7c853449ad23e7d4895b9fc0427759ba7f
- SHA512
  
  f193edd5c475040928e188b756d27ecb2f61ef6a1d7392bdb62e6d5bcdd5c37272849a298e9cc6265b5f67890881971ecf28f93e98edd90f6f536190999ed367
- SSDEEP
  
  49152:h4ANZ4/rNl/dichvhGpPK7kMes5mmCq/BWZHtPrBe7XTADqoh6EKQJS2H/WkTb/2:6
Score

10^/10

execution
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Command and Scripting Interpreter: PowerShell
  Run Powershell and hide display window.
  execution
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1