a417499d4fef2561a8fe083bdf108ab46f40ba27ba0482f872479561a6d1ec7b | Triage

Sharing

General

Target

a417499d4fef2561a8fe083bdf108ab46f40ba27ba0482f872479561a6d1ec7b
Size

249KB
Sample

221203-ykzvpaae56
MD5

136b180d281f37ada4e0551a8fe575f3
SHA1

3843c26e8efc39198273dd42063b3f832e4fcdd4
SHA256

a417499d4fef2561a8fe083bdf108ab46f40ba27ba0482f872479561a6d1ec7b
SHA512

11428d933a249d379e96f179a82bc177d1fe07c948f9094c68b2394a0a1c4c527da05bced4d97cd57a7eb4965c8e6db14110b3a511030aa9385fac79ce66d8df
SSDEEP

6144:7PnkMwb+DWF3ayNbxB+m3dsYfNdPhTr4E6A3cK:TkMwb+DWYsq54d5TXPcK

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  a417499d4fef2561a8fe083bdf108ab46f40ba27ba0482f872479561a6d1ec7b
- Size
  
  249KB
- MD5
  
  136b180d281f37ada4e0551a8fe575f3
- SHA1
  
  3843c26e8efc39198273dd42063b3f832e4fcdd4
- SHA256
  
  a417499d4fef2561a8fe083bdf108ab46f40ba27ba0482f872479561a6d1ec7b
- SHA512
  
  11428d933a249d379e96f179a82bc177d1fe07c948f9094c68b2394a0a1c4c527da05bced4d97cd57a7eb4965c8e6db14110b3a511030aa9385fac79ce66d8df
- SSDEEP
  
  6144:7PnkMwb+DWF3ayNbxB+m3dsYfNdPhTr4E6A3cK:TkMwb+DWYsq54d5TXPcK
Score

10^/10

persistence discovery
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistence