3d7bedb5d7b109bb67810e56bb05a2523e0b286e5b73bc8a04ae65e910f52531 | Triage

Sharing

General

Target

3d7bedb5d7b109bb67810e56bb05a2523e0b286e5b73bc8a04ae65e910f52531
Size

140KB
Sample

221123-rwa75shf46
MD5

f3a281b6213616350c347e56cad545cd
SHA1

5cc1c113180415f6f7a430e498aab83584154687
SHA256

3d7bedb5d7b109bb67810e56bb05a2523e0b286e5b73bc8a04ae65e910f52531
SHA512

a950877e161ea801c540f28c89b386ea16d8b47afb53399939c38266b04bcbd565c275fb54855b238ab4e4761a777a968e2e5584db1c3c02bf9d349227ce66c0
SSDEEP

3072:v4nOeNclhWePioq9I/aMDy4LmRbymJ+bN:eJAhrioq9IRDyzJ6

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  3d7bedb5d7b109bb67810e56bb05a2523e0b286e5b73bc8a04ae65e910f52531
- Size
  
  140KB
- MD5
  
  f3a281b6213616350c347e56cad545cd
- SHA1
  
  5cc1c113180415f6f7a430e498aab83584154687
- SHA256
  
  3d7bedb5d7b109bb67810e56bb05a2523e0b286e5b73bc8a04ae65e910f52531
- SHA512
  
  a950877e161ea801c540f28c89b386ea16d8b47afb53399939c38266b04bcbd565c275fb54855b238ab4e4761a777a968e2e5584db1c3c02bf9d349227ce66c0
- SSDEEP
  
  3072:v4nOeNclhWePioq9I/aMDy4LmRbymJ+bN:eJAhrioq9IRDyzJ6
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2