2c3ffed767bd4135b9d38df36c66d06883d8de4e41f24a62a17d35d77c81f9a6 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.ileg-2c3ffed767bd4135b9d38df36c66d06883d8de4e41f24a62a17d35d77c81f9a6
Size

746KB
Sample

221107-a2kkbscchm
MD5

9b519baa8fee0c014528524e9ef9c8b2
SHA1

a80eb4470e689e19a30c0c04161250367e741c16
SHA256

2c3ffed767bd4135b9d38df36c66d06883d8de4e41f24a62a17d35d77c81f9a6
SHA512

3128ddd2f1a10c17b08776fb604c24820945c80a4883c3139de24e238c616e03db4ac0ecc1318693336bd48133dc8b45df25378952ec4f9f5cd99908031fafaa
SSDEEP

12288:HvehvlYuXb6cK4QJrr186amIWge+RCQdyIMA65xb/T+ZXmwWE43LY/g5Br:HvehviuXbZKXJrr186amIWgVRFyIMX5n

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.ileg-2c3ffed767bd4135b9d38df36c66d06883d8de4e41f24a62a17d35d77c81f9a6
- Size
  
  746KB
- MD5
  
  9b519baa8fee0c014528524e9ef9c8b2
- SHA1
  
  a80eb4470e689e19a30c0c04161250367e741c16
- SHA256
  
  2c3ffed767bd4135b9d38df36c66d06883d8de4e41f24a62a17d35d77c81f9a6
- SHA512
  
  3128ddd2f1a10c17b08776fb604c24820945c80a4883c3139de24e238c616e03db4ac0ecc1318693336bd48133dc8b45df25378952ec4f9f5cd99908031fafaa
- SSDEEP
  
  12288:HvehvlYuXb6cK4QJrr186amIWge+RCQdyIMA65xb/T+ZXmwWE43LY/g5Br:HvehviuXbZKXJrr186amIWgVRFyIMX5n
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2