676f4d7755cab073507ae182be7417cfd2f962a8cc3a4a063913822ee21eaef0 | Triage

Sharing

General

Target

Trojan-Ransom.Win32.Blocker.ileg-676f4d7755cab073507ae182be7417cfd2f962a8cc3a4a063913822ee21eaef0
Size

247KB
Sample

221107-bgdfysagd2
MD5

69bf991739ce71cc6fd5a0d9aca3aa4a
SHA1

e43a58f39ab0b25817a2c5c87f440a37276cc454
SHA256

676f4d7755cab073507ae182be7417cfd2f962a8cc3a4a063913822ee21eaef0
SHA512

52031da74759a1c9ecf30b6e77b41c7a224f3f5e11f3fa20e8298e753c1ca65e8ef8401a5d22436730229b0a9ee40e09d9e38b76124ac07f25dfad60d7a2deb4
SSDEEP

768:AjNYM/5Imwt80PKBds2amur5ccbpQSx7f1zBmQzTGfmgyqr0:wYUgKBiQk53Bx7f1zwQVgvr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  Trojan-Ransom.Win32.Blocker.ileg-676f4d7755cab073507ae182be7417cfd2f962a8cc3a4a063913822ee21eaef0
- Size
  
  247KB
- MD5
  
  69bf991739ce71cc6fd5a0d9aca3aa4a
- SHA1
  
  e43a58f39ab0b25817a2c5c87f440a37276cc454
- SHA256
  
  676f4d7755cab073507ae182be7417cfd2f962a8cc3a4a063913822ee21eaef0
- SHA512
  
  52031da74759a1c9ecf30b6e77b41c7a224f3f5e11f3fa20e8298e753c1ca65e8ef8401a5d22436730229b0a9ee40e09d9e38b76124ac07f25dfad60d7a2deb4
- SSDEEP
  
  768:AjNYM/5Imwt80PKBds2amur5ccbpQSx7f1zBmQzTGfmgyqr0:wYUgKBiQk53Bx7f1zwQVgvr
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2