c27b2d312a9e203b0fca4df49aa1d9ef1c974764f6d46eaa85fba3616e61414a | Triage

Sharing

General

Target

Exes_0679ff8965a354cbe614a19cb8d2844b.exe
Size

559KB
Sample

190801-a1aw49r1b6
MD5

0679ff8965a354cbe614a19cb8d2844b
SHA1

b6752c38215c3fbef10aac39e7d8d8180bb99e8a
SHA256

c27b2d312a9e203b0fca4df49aa1d9ef1c974764f6d46eaa85fba3616e61414a
SHA512

1c03818b310978e193e3d7586d0d35bdd2acea0f9e502c2efa4934637e945b80242abfb96b615ffbeb77ea737b048bae567474bc6a66e7b9971b52291008ee6f

Score

N/A

Malware Config

Targets

- Target
  
  Exes_0679ff8965a354cbe614a19cb8d2844b.exe
- Size
  
  559KB
- MD5
  
  0679ff8965a354cbe614a19cb8d2844b
- SHA1
  
  b6752c38215c3fbef10aac39e7d8d8180bb99e8a
- SHA256
  
  c27b2d312a9e203b0fca4df49aa1d9ef1c974764f6d46eaa85fba3616e61414a
- SHA512
  
  1c03818b310978e193e3d7586d0d35bdd2acea0f9e502c2efa4934637e945b80242abfb96b615ffbeb77ea737b048bae567474bc6a66e7b9971b52291008ee6f
Score

N/A
- Modifies Winlogon for persistence
- Suspicious use of SetThreadContext
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Access Token Manipulation

Process Injection

Defense Evasion

Access Token Manipulation

Modify Registry

Process Injection

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2