7deff72d95afbf8348931cb4f04c8419dede4c119b2bed7faeee68325bb5456f | Triage

Sharing

General

Target

7deff72d95afbf8348931cb4f04c8419dede4c119b2bed7faeee68325bb5456f
Size

230KB
Sample

220919-p69scadfbq
MD5

aca6e90762b04e063c66dcb227930b72
SHA1

5f6f5f4faf3c8918a3c67b2ac2b727b01c39497b
SHA256

7deff72d95afbf8348931cb4f04c8419dede4c119b2bed7faeee68325bb5456f
SHA512

5b564e99d4f84a3c9481a6e4aa7673880fbf7ed2f2fe730dd5fb9e3ac48d083b11fb5d250bc9a1d1b3355acea2b907e1912972248c9c9bbcdf3fe50ddded1153
SSDEEP

3072:PiLewiDamJwU4OyEemik2Wz4URc4Br1A0qvCbG4QkPKfqgM/FL9w9PYC/CwZC2ol:P4IrOrk2Wzd7bAGGpJqgWx9wBvYDqE

Score

8^/10

persistence

Malware Config

Targets

- Target
  
  7deff72d95afbf8348931cb4f04c8419dede4c119b2bed7faeee68325bb5456f
- Size
  
  230KB
- MD5
  
  aca6e90762b04e063c66dcb227930b72
- SHA1
  
  5f6f5f4faf3c8918a3c67b2ac2b727b01c39497b
- SHA256
  
  7deff72d95afbf8348931cb4f04c8419dede4c119b2bed7faeee68325bb5456f
- SHA512
  
  5b564e99d4f84a3c9481a6e4aa7673880fbf7ed2f2fe730dd5fb9e3ac48d083b11fb5d250bc9a1d1b3355acea2b907e1912972248c9c9bbcdf3fe50ddded1153
- SSDEEP
  
  3072:PiLewiDamJwU4OyEemik2Wz4URc4Br1A0qvCbG4QkPKfqgM/FL9w9PYC/CwZC2ol:P4IrOrk2Wzd7bAGGpJqgWx9wBvYDqE
Score

8^/10

persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2