f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859 | Triage

Submit
Reports

Overview

overview

Static

static

f86c92fb1d...59.exe

windows7_x64

f86c92fb1d...59.exe

windows10-2004_x64

Sharing

General

Target

f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859
Size

166KB
Sample

220326-sv5wssecf5
MD5

6d1009cfb5e919ff3f8aea0abb8591d5
SHA1

4c0323cd70493b259a82d52695abbd09379d42a6
SHA256

f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859
SHA512

556c3b476324306e07bfd0f5066756b0f1d21cf3a0f68084caeead1e9d762df8237579f3a14f3f5c7f0536aeea239e482c3340b40452aa768f62f5fadc313a2a

Score

10^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859.exe

Resource

win7-20220311-en

discovery evasion exploit persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859.exe

Resource

win10v2004-en-20220113

discovery evasion exploit persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859
- Size
  
  166KB
- MD5
  
  6d1009cfb5e919ff3f8aea0abb8591d5
- SHA1
  
  4c0323cd70493b259a82d52695abbd09379d42a6
- SHA256
  
  f86c92fb1dfb37df48fb5ead375fc86782e8e2d420786c40b6fda7304436e859
- SHA512
  
  556c3b476324306e07bfd0f5066756b0f1d21cf3a0f68084caeead1e9d762df8237579f3a14f3f5c7f0536aeea239e482c3340b40452aa768f62f5fadc313a2a
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy