791340a65a6bd8f73fb6a02edb244b45fb8719c5c872f1ea45af262ac78e1a7f | Triage

Sharing

General

Target

791340a65a6bd8f73fb6a02edb244b45fb8719c5c872f1ea45af262ac78e1a7f
Size

196KB
Sample

220919-npsl3aahen
MD5

9a9bc53a852924cc6a0b2773f4924515
SHA1

99f6ed6b5d066fc675262054d379db6d1e92d84d
SHA256

791340a65a6bd8f73fb6a02edb244b45fb8719c5c872f1ea45af262ac78e1a7f
SHA512

1d161a1d4f4ad9430a65e5bdb89846b9154366a4aecffffc354e18904de9af89e4577d2b71ce21dbe3238ee0c104325989aefec65cf915d76e4a0bd9f9432d19
SSDEEP

6144:CGHx7NOZxelAjG503Kx7+RMvC1QNXs4qAldlU6DyxD6QPB4d:lNOZclAjG503Kx7+RMvC1QZs4qAldlU6

Score

9^/10

persistence

Malware Config

Targets

- Target
  
  791340a65a6bd8f73fb6a02edb244b45fb8719c5c872f1ea45af262ac78e1a7f
- Size
  
  196KB
- MD5
  
  9a9bc53a852924cc6a0b2773f4924515
- SHA1
  
  99f6ed6b5d066fc675262054d379db6d1e92d84d
- SHA256
  
  791340a65a6bd8f73fb6a02edb244b45fb8719c5c872f1ea45af262ac78e1a7f
- SHA512
  
  1d161a1d4f4ad9430a65e5bdb89846b9154366a4aecffffc354e18904de9af89e4577d2b71ce21dbe3238ee0c104325989aefec65cf915d76e4a0bd9f9432d19
- SSDEEP
  
  6144:CGHx7NOZxelAjG503Kx7+RMvC1QNXs4qAldlU6DyxD6QPB4d:lNOZclAjG503Kx7+RMvC1QZs4qAldlU6
Score

9^/10

persistence
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Account Manipulation

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Account Manipulation

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2