f822b9a1d791bce13d7156208f826426536b7f619748e687f45cf774bf83beb7 | Triage

Sharing

General

Target

f822b9a1d791bce13d7156208f826426536b7f619748e687f45cf774bf83beb7
Size

174KB
Sample

221123-pv5z1scc97
MD5

9ec7a3823d8f218b37e1b4c98c17b8e4
SHA1

04ab34fde80de9298ce22a54e5b707c46cfcc46f
SHA256

f822b9a1d791bce13d7156208f826426536b7f619748e687f45cf774bf83beb7
SHA512

a35b28f13da048d52a0280f9a2c8e69faba948328634b77560bf63306a2ca3e7f692d1c5780cc5219a53b494264e84f00d8245cfa5cbf967c52e0fa632b1965c
SSDEEP

3072:oAKIO1iFiXeuEmTLynzObIvls4qQXvvSGunAYZ/p3B7mNp2HG:iIO1icxUzDNs4qQXvvSDv/H7mam

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  f822b9a1d791bce13d7156208f826426536b7f619748e687f45cf774bf83beb7
- Size
  
  174KB
- MD5
  
  9ec7a3823d8f218b37e1b4c98c17b8e4
- SHA1
  
  04ab34fde80de9298ce22a54e5b707c46cfcc46f
- SHA256
  
  f822b9a1d791bce13d7156208f826426536b7f619748e687f45cf774bf83beb7
- SHA512
  
  a35b28f13da048d52a0280f9a2c8e69faba948328634b77560bf63306a2ca3e7f692d1c5780cc5219a53b494264e84f00d8245cfa5cbf967c52e0fa632b1965c
- SSDEEP
  
  3072:oAKIO1iFiXeuEmTLynzObIvls4qQXvvSGunAYZ/p3B7mNp2HG:iIO1icxUzDNs4qQXvvSDv/H7mam
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2