5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da | Triage

Submit
Reports

Overview

overview

Static

static

5e20e40830...da.exe

windows7-x64

5e20e40830...da.exe

windows10-2004-x64

Sharing

General

Target

5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da
Size

776KB
Sample

221020-mvm34aacaq
MD5

816427c8125ca5cb22fcedcc01cc567c
SHA1

3321b55cf834540be904fe1cc41b1bbf2240a0df
SHA256

5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da
SHA512

f6ce220a45c485ef2980002f38c54c5b13f06a96b6fa4f9af5fa1125c3c7548c7b23145f1cf78f59e731c0ff9dd67e06741d8cb8dd4cf4796b155fa03efa1836
SSDEEP

12288:43TdtLW5WIj1YSSdFxQBSXyMzBUWb9lx/9AHHLo8OW+rBXSsP:SDsj1dEgBcJ9nPx/iHrp+9So

Score

10^/10

evasion persistence

Static task

static1

Behavioral task

behavioral1

Sample

5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da
- Size
  
  776KB
- MD5
  
  816427c8125ca5cb22fcedcc01cc567c
- SHA1
  
  3321b55cf834540be904fe1cc41b1bbf2240a0df
- SHA256
  
  5e20e4083063c139382c5df8d39dd47d30e86679a6bdfe55d5e7fee60038a0da
- SHA512
  
  f6ce220a45c485ef2980002f38c54c5b13f06a96b6fa4f9af5fa1125c3c7548c7b23145f1cf78f59e731c0ff9dd67e06741d8cb8dd4cf4796b155fa03efa1836
- SSDEEP
  
  12288:43TdtLW5WIj1YSSdFxQBSXyMzBUWb9lx/9AHHLo8OW+rBXSsP:SDsj1dEgBcJ9nPx/iHrp+9So
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy