Overview

overview

10

Static

static

10

ff2b9b6121...d8.dll

windows7_x64

1

ff2b9b6121...d8.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8

  • Size

    6KB

  • Sample

    220201-pwffrafah4

  • MD5

    1cd6aba7a98a884da1b038bb5d74071d

  • SHA1

    a113d6af994fdd81c70b9cf5b8a3f11819c7c568

  • SHA256

    ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8

  • SHA512

    be08ebed96c90640d5e90e7ab43c29e5c0ba4a0a7c16c6db10ae3de4b84f27e5347170a97cfa99fa9493f42fd3ea32c79f437fabd9fb1dc0bd2292d882f3f7e8

Score
10/10
nloaderpersistence

Malware Config

Targets

    • Target

      ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8

    • Size

      6KB

    • MD5

      1cd6aba7a98a884da1b038bb5d74071d

    • SHA1

      a113d6af994fdd81c70b9cf5b8a3f11819c7c568

    • SHA256

      ff2b9b6121b3812a344144bfa4082c8b7567af1e75e352fde64eee6d060b18d8

    • SHA512

      be08ebed96c90640d5e90e7ab43c29e5c0ba4a0a7c16c6db10ae3de4b84f27e5347170a97cfa99fa9493f42fd3ea32c79f437fabd9fb1dc0bd2292d882f3f7e8

    Score
    10/10
    persistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Sets service image path in registry

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks