985dadbdf66da90fb29d243a16938e9e1f6890c24376dca777dc83a9d85e7e30 | Triage

Sharing

General

Target

985dadbdf66da90fb29d243a16938e9e1f6890c24376dca777dc83a9d85e7e30
Size

61KB
Sample

221206-kw2a1afc2s
MD5

cdea158cce9abdd451ca68ec5cf3b0a8
SHA1

3a3df0e3fb2a23ddd699d5fe88ec2a1fd0cb75ee
SHA256

985dadbdf66da90fb29d243a16938e9e1f6890c24376dca777dc83a9d85e7e30
SHA512

ee0c5e35cfd2ff642a6142a78ffd4339718a8c8387d853a1efa3bb05181b2f387b9c60eb099cae0c7b088444e433d0d64305fe3322e38143d74570c1c5db3e6c
SSDEEP

768:5+79P47+g7obL0kTuh0iz3SAjZ3paUe7LuHuUPkijIOxEDKAn+G5EmfRldrdboXY:5v7+LiXxpILkPPG+elddUI

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  985dadbdf66da90fb29d243a16938e9e1f6890c24376dca777dc83a9d85e7e30
- Size
  
  61KB
- MD5
  
  cdea158cce9abdd451ca68ec5cf3b0a8
- SHA1
  
  3a3df0e3fb2a23ddd699d5fe88ec2a1fd0cb75ee
- SHA256
  
  985dadbdf66da90fb29d243a16938e9e1f6890c24376dca777dc83a9d85e7e30
- SHA512
  
  ee0c5e35cfd2ff642a6142a78ffd4339718a8c8387d853a1efa3bb05181b2f387b9c60eb099cae0c7b088444e433d0d64305fe3322e38143d74570c1c5db3e6c
- SSDEEP
  
  768:5+79P47+g7obL0kTuh0iz3SAjZ3paUe7LuHuUPkijIOxEDKAn+G5EmfRldrdboXY:5v7+LiXxpILkPPG+elddUI
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2