b1a7addc66ced8a4d02dc748034540ff450cd171a8460eed0405cf7d1ecc9014 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1a7addc66ced8a4d02dc748034540ff450cd171a8460eed0405cf7d1ecc9014
Size

42KB
Sample

221203-h16p6see63
MD5

7961a10496f05dee80e4d579cd24094c
SHA1

67ee846f7a837826f5b7834f81316cc8a4e14f85
SHA256

b1a7addc66ced8a4d02dc748034540ff450cd171a8460eed0405cf7d1ecc9014
SHA512

8c1dddac9ac5dfb11bf38ac328f09aba03b19c32325c5d4ca442e8435fe2f4a26b5f0c43180f3e3cbaf579a18b027a80e338cc0d5d4ae49479105ef1289de6af
SSDEEP

768:g+1rvyjsX6IGS6P8bQ0wLuB2s39BZIjEkApM3bhtNKKjSKgkNGy2Nr:gI3X6ImGQ04sZIjNAa3bEKjSKLNnCr

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  b1a7addc66ced8a4d02dc748034540ff450cd171a8460eed0405cf7d1ecc9014
- Size
  
  42KB
- MD5
  
  7961a10496f05dee80e4d579cd24094c
- SHA1
  
  67ee846f7a837826f5b7834f81316cc8a4e14f85
- SHA256
  
  b1a7addc66ced8a4d02dc748034540ff450cd171a8460eed0405cf7d1ecc9014
- SHA512
  
  8c1dddac9ac5dfb11bf38ac328f09aba03b19c32325c5d4ca442e8435fe2f4a26b5f0c43180f3e3cbaf579a18b027a80e338cc0d5d4ae49479105ef1289de6af
- SSDEEP
  
  768:g+1rvyjsX6IGS6P8bQ0wLuB2s39BZIjEkApM3bhtNKKjSKgkNGy2Nr:gI3X6ImGQ04sZIjNAa3bEKjSKLNnCr
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2