7bf9607e29b2908938eecb81d372f3c931f03cb23db546e88ad245dd0e38e43b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bf9607e29b2908938eecb81d372f3c931f03cb23db546e88ad245dd0e38e43b
Size

260KB
Sample

221201-2e441abg3z
MD5

41e0cef3bb6871be4bf9d4ed3c920e95
SHA1

d043c06b4061d3baf0a6d03a833d16e9f9f145d1
SHA256

7bf9607e29b2908938eecb81d372f3c931f03cb23db546e88ad245dd0e38e43b
SHA512

1ad91ce5a650b98c07d6f52bc06cd3ec7893e29cc27b7a0bf9919af8c354bddbc3b0f792e9efa386d7f168d37b3aed188ab358d57de316c4b947d11b74e9dc89
SSDEEP

6144:yFAqgNMrMNnHGUS0mATGBqxwO54kBzPpSC5T0i8S:yUNKMQUzSwh5bBzseT0m

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  7bf9607e29b2908938eecb81d372f3c931f03cb23db546e88ad245dd0e38e43b
- Size
  
  260KB
- MD5
  
  41e0cef3bb6871be4bf9d4ed3c920e95
- SHA1
  
  d043c06b4061d3baf0a6d03a833d16e9f9f145d1
- SHA256
  
  7bf9607e29b2908938eecb81d372f3c931f03cb23db546e88ad245dd0e38e43b
- SHA512
  
  1ad91ce5a650b98c07d6f52bc06cd3ec7893e29cc27b7a0bf9919af8c354bddbc3b0f792e9efa386d7f168d37b3aed188ab358d57de316c4b947d11b74e9dc89
- SSDEEP
  
  6144:yFAqgNMrMNnHGUS0mATGBqxwO54kBzPpSC5T0i8S:yUNKMQUzSwh5bBzseT0m
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence