76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29 | Triage

Submit
Reports

Overview

overview

Static

static

76b96f84cc...29.exe

windows7-x64

76b96f84cc...29.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29
Size

160KB
Sample

221106-s3hfgabgbn
MD5

0cc9f444897fee45503629b76279f788
SHA1

6e58732d285bc6b962a2da432b6606d99f9d106a
SHA256

76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29
SHA512

46e3721d683df1898c3cdd8332a52a8a3d89cab574bfb0f003fb853d1ece9e9f86928709d14d93404f87e04b9166ca205d12f4eae2d98432ed04989da30204da
SSDEEP

1536:zmWwat4oIuRXqHQu+QwPyohUXWIcoTgCwHhmHKNKqODN5YlS0pw8:znzt4oIuR6Hv+QwPyohUsuCqxqA1Sr

Score

10^/10

evasion persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29.exe

Resource

win7-20220901-en

evasion persistence trojan

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29.exe

Resource

win10v2004-20220812-en

evasion persistence trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29
- Size
  
  160KB
- MD5
  
  0cc9f444897fee45503629b76279f788
- SHA1
  
  6e58732d285bc6b962a2da432b6606d99f9d106a
- SHA256
  
  76b96f84cc26050662758376eb5a66a6b81e2c8b05b718344bb91c8bb8a24e29
- SHA512
  
  46e3721d683df1898c3cdd8332a52a8a3d89cab574bfb0f003fb853d1ece9e9f86928709d14d93404f87e04b9166ca205d12f4eae2d98432ed04989da30204da
- SSDEEP
  
  1536:zmWwat4oIuRXqHQu+QwPyohUXWIcoTgCwHhmHKNKqODN5YlS0pw8:znzt4oIuR6Hv+QwPyohUsuCqxqA1Sr
Score

10^/10

evasion persistence trojan
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Sets file execution options in registry
  persistence
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2

evasionpersistencetrojan

© 2018-2025

Terms | Privacy