067916eeef467124e4ed136953bc7f2dbd432367a8bb09598a35e1e608183b05 | Triage

Submit
Reports

Overview

overview

Static

static

5de55c6832...92.exe

windows10-1703-x64

Sharing

General

Target

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.zip
Size

88KB
Sample

221221-lw79zsfb51
MD5

54b7902f04e0f2f073352e5cd8f460f0
SHA1

cd794b02eaa48fd22a79427bb663ad01a8463323
SHA256

067916eeef467124e4ed136953bc7f2dbd432367a8bb09598a35e1e608183b05
SHA512

98bf6b33118e2a186dfd0923e4c068633dd17fe8daa70180c2abd94d2f1aea74d29cab0142c8908b1599963551cd22ba7392203ca6faa9fbb7e1b8c8996d124f
SSDEEP

1536:hKsw20QnVZdX0O7s50j7i6u8IGvp5L74F1QJ/ftkGYAc9lh6ludwH4dCb/ujj:wsw20QnbdEO7K0j7fu8I0rL0FlGtJum+

Score

10^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.exe

Resource

win10-20220812-en

discovery evasion exploit persistence

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.exe
- Size
  
  143KB
- MD5
  
  193cbda4598fe61c69b538416fb78aa1
- SHA1
  
  7f8546a917732a4daf146b818fdb7c14b25df3ba
- SHA256
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
- SHA512
  
  9e3cb60b519fb6f81b484048ab9e9b4ec78ef81f30c31807d28e18b8ac91a36e94d0c19e5e09082b1039cbcc4b6ece4189677168c97fe5a6da0fb395adc15e3b
- SSDEEP
  
  3072:MTb4+LoQHG9gh9hRgf2WGapffZY36ozdH6oz:ObFLo1aRg+gXZUz
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Drops startup file
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy