301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f | Triage

Submit
Reports

Overview

overview

Static

static

301a3f5017...le.exe

windows7_x64

301a3f5017...le.exe

windows10_x64

Resubmissions

23-03-2024 23:50

240323-3vttmsed88 10

12-12-2020 10:26

201212-wddwj75xse 10

Sharing

General

Target

301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.bin.sample
Size

413KB
Sample

201212-wddwj75xse
MD5

3023d7526b479ea3df315a5b1779a43d
SHA1

b5ae71b96a28b9353a4f33c5370ac18750937c17
SHA256

301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f
SHA512

67fe1cf7538e8ef76b6acbba99326af0de58464bf5710ae6fa7b85d73da9a84c58122de6b87c7d9560f0d366de711a95d03be231c1018eacb7489fd32aeb0834

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.bin.sample.exe

Resource

win7v20201028

evasion persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.bin.sample.exe

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f.bin.sample
- Size
  
  413KB
- MD5
  
  3023d7526b479ea3df315a5b1779a43d
- SHA1
  
  b5ae71b96a28b9353a4f33c5370ac18750937c17
- SHA256
  
  301a3f5017e578fb04b0eb33f45831bb9bb8318020e0a18d222ebea08bf1c75f
- SHA512
  
  67fe1cf7538e8ef76b6acbba99326af0de58464bf5710ae6fa7b85d73da9a84c58122de6b87c7d9560f0d366de711a95d03be231c1018eacb7489fd32aeb0834
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies security service
  evasion
- Suspicious use of NtCreateProcessExOtherParentProcess
- ServiceHost packer
  Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Modify Existing Service

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

© 2018-2024

Terms | Privacy