5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92 | Triage

Submit
Reports

Overview

overview

Static

static

5de55c6832...92.exe

windows7-x64

5de55c6832...92.exe

windows10-2004-x64

Sharing

General

Target

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
Size

143KB
Sample

221221-mcq22aca92
MD5

193cbda4598fe61c69b538416fb78aa1
SHA1

7f8546a917732a4daf146b818fdb7c14b25df3ba
SHA256

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
SHA512

9e3cb60b519fb6f81b484048ab9e9b4ec78ef81f30c31807d28e18b8ac91a36e94d0c19e5e09082b1039cbcc4b6ece4189677168c97fe5a6da0fb395adc15e3b
SSDEEP

3072:MTb4+LoQHG9gh9hRgf2WGapffZY36ozdH6oz:ObFLo1aRg+gXZUz

Score

10^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.exe

Resource

win7-20220901-en

discovery evasion exploit persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92.exe

Resource

win10v2004-20220812-en

discovery evasion exploit persistence

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
- Size
  
  143KB
- MD5
  
  193cbda4598fe61c69b538416fb78aa1
- SHA1
  
  7f8546a917732a4daf146b818fdb7c14b25df3ba
- SHA256
  
  5de55c68325c841463352b7e53b058a65e476579fa8cf7126b9dbc6fc4fddc92
- SHA512
  
  9e3cb60b519fb6f81b484048ab9e9b4ec78ef81f30c31807d28e18b8ac91a36e94d0c19e5e09082b1039cbcc4b6ece4189677168c97fe5a6da0fb395adc15e3b
- SSDEEP
  
  3072:MTb4+LoQHG9gh9hRgf2WGapffZY36ozdH6oz:ObFLo1aRg+gXZUz
Score

10^/10

discovery evasion exploit persistence
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

behavioral2

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy