e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d | Triage

Submit
Reports

Overview

overview

Static

static

5

e49132ac28...4d.exe

windows7-x64

e49132ac28...4d.exe

windows10-2004-x64

Sharing

General

Target

e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d
Size

1.2MB
Sample

221020-x23r8sbce9
MD5

a07d308fc1170811313f2b48a756c8ef
SHA1

9515a5259b21517487118b1e6db7062088cfaaed
SHA256

e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d
SHA512

9e8f83548e890edd939273c3950c03b67a43d679d43956df31e00860158168e9a178dc354834e5260c6096c77e173f68547d73e0d3f6661f08db7f41e10c3d8d
SSDEEP

24576:fJeJfAqkjp98zHpieTXCeGOxmI8/+po9TFEu5OJe:BeJfAJGpLrCeGOxmsQTFEu5OJ

Score

10^/10

evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d.exe

Resource

win7-20220812-en

evasion persistence

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d.exe

Resource

win10v2004-20220901-en

evasion persistence

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d
- Size
  
  1.2MB
- MD5
  
  a07d308fc1170811313f2b48a756c8ef
- SHA1
  
  9515a5259b21517487118b1e6db7062088cfaaed
- SHA256
  
  e49132ac287389f5e3b92d29349b76aabbe29f7cfa53fbfe22d5952d4657ff4d
- SHA512
  
  9e8f83548e890edd939273c3950c03b67a43d679d43956df31e00860158168e9a178dc354834e5260c6096c77e173f68547d73e0d3f6661f08db7f41e10c3d8d
- SSDEEP
  
  24576:fJeJfAqkjp98zHpieTXCeGOxmI8/+po9TFEu5OJe:BeJfAJGpLrCeGOxmsQTFEu5OJ
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy