Resubmissions

21-11-2020 16:12

201121-3vsypzcqyx 10

21-11-2020 15:12

201121-c152v5zkxx 10

General

  • Target

    e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.bin

  • Size

    532KB

  • Sample

    201121-3vsypzcqyx

  • MD5

    76f547c793b5478b970c64caf04d01d4

  • SHA1

    f9eb40f6d3d4c83852e3781886db762bef8564e0

  • SHA256

    e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037

  • SHA512

    91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17

Score
10/10

Malware Config

Targets

    • Target

      e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.bin

    • Size

      532KB

    • MD5

      76f547c793b5478b970c64caf04d01d4

    • SHA1

      f9eb40f6d3d4c83852e3781886db762bef8564e0

    • SHA256

      e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037

    • SHA512

      91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17

    Score
    10/10
    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Modifies WinLogon to allow AutoLogon

      Enables rebooting of the machine without requiring login credentials.

MITRE ATT&CK Enterprise v6

Tasks