f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d | Triage

Submit
Reports

Overview

overview

Static

static

5

f20292438b...0d.exe

windows7-x64

f20292438b...0d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d
Size

728KB
Sample

221107-1b7kaacfcp
MD5

0fca26c5f674fe71e1ca22bc9b13b388
SHA1

f3b3dddf61e9d68223a08878acfe0fcacdc8da75
SHA256

f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d
SHA512

021336a181429bd96bb304861d92a588035a6029cc18315599db5e431ea6e9690e2106d3a23e55bedd98aa967bea94c5ed4187de6645e218f073be6876de2dda
SSDEEP

6144:wpqoa8aLyC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCa:wpqyC/2OGAtkCP4cejGSOpRK3CnIi6

Score

10^/10

persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d.exe

Resource

win7-20220812-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d
- Size
  
  728KB
- MD5
  
  0fca26c5f674fe71e1ca22bc9b13b388
- SHA1
  
  f3b3dddf61e9d68223a08878acfe0fcacdc8da75
- SHA256
  
  f20292438bcd78712d9bbce09866b484250640f50893991ad199796cfe28e50d
- SHA512
  
  021336a181429bd96bb304861d92a588035a6029cc18315599db5e431ea6e9690e2106d3a23e55bedd98aa967bea94c5ed4187de6645e218f073be6876de2dda
- SSDEEP
  
  6144:wpqoa8aLyC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcAYnCa:wpqyC/2OGAtkCP4cejGSOpRK3CnIi6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy