1a4ca1e3af0ae1576bc91abd3d8b97f43fdb42113aed00c179e89566561a3dde | Triage

Sharing

General

Target

1a4ca1e3af0ae1576bc91abd3d8b97f43fdb42113aed00c179e89566561a3dde
Size

160KB
Sample

221123-k3bnxsdd6t
MD5

46872a7a17ba55be680b5b34294e3396
SHA1

ebdd64c0a55ec1d761c54a93824868db909453b6
SHA256

1a4ca1e3af0ae1576bc91abd3d8b97f43fdb42113aed00c179e89566561a3dde
SHA512

3bf74bbf6a46c440d8429580e1a6b05ce9be290e7b7c318d7ddb1545e91daa4a774c2e041034e12435f9dc04ad25139a6db65740b27af0f99cbcc7a8aec5a05c
SSDEEP

3072:3XCiLk7ndEFIp8d94jVS1CzyymLS1uhDeQ73njJxi6svBYydFzIUjnl:34YI09oS1C+yykQr6Iul

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  1a4ca1e3af0ae1576bc91abd3d8b97f43fdb42113aed00c179e89566561a3dde
- Size
  
  160KB
- MD5
  
  46872a7a17ba55be680b5b34294e3396
- SHA1
  
  ebdd64c0a55ec1d761c54a93824868db909453b6
- SHA256
  
  1a4ca1e3af0ae1576bc91abd3d8b97f43fdb42113aed00c179e89566561a3dde
- SHA512
  
  3bf74bbf6a46c440d8429580e1a6b05ce9be290e7b7c318d7ddb1545e91daa4a774c2e041034e12435f9dc04ad25139a6db65740b27af0f99cbcc7a8aec5a05c
- SSDEEP
  
  3072:3XCiLk7ndEFIp8d94jVS1CzyymLS1uhDeQ73njJxi6svBYydFzIUjnl:34YI09oS1C+yykQr6Iul
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2