222263748baf094e9694d33ae89bbc1e76f0dba151059faf93c1ec328c5894bc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.73dcb305912610aeeb9f002f1cafae20.exe
Size

435KB
Sample

231014-wkqwnsbh9v
MD5

73dcb305912610aeeb9f002f1cafae20
SHA1

1f498081605b20a2d0437018be513d215fbb4473
SHA256

222263748baf094e9694d33ae89bbc1e76f0dba151059faf93c1ec328c5894bc
SHA512

18293fe98b051447b72581d562b03c89522dd7ae54556a1eab7934f13a790882bb55944a378ae697aea160a93363676f28d8e3ca715189893180b4a330975cd3
SSDEEP

6144:WrvX/eSqjc3HsTaxoqnc5sgZy97NiO99PRwJOsmJR54fuZ/NhKmErjPVM8snQ3zF:wX/eOyaiqcLH1fuZ/N7T8snEd

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  NEAS.73dcb305912610aeeb9f002f1cafae20.exe
- Size
  
  435KB
- MD5
  
  73dcb305912610aeeb9f002f1cafae20
- SHA1
  
  1f498081605b20a2d0437018be513d215fbb4473
- SHA256
  
  222263748baf094e9694d33ae89bbc1e76f0dba151059faf93c1ec328c5894bc
- SHA512
  
  18293fe98b051447b72581d562b03c89522dd7ae54556a1eab7934f13a790882bb55944a378ae697aea160a93363676f28d8e3ca715189893180b4a330975cd3
- SSDEEP
  
  6144:WrvX/eSqjc3HsTaxoqnc5sgZy97NiO99PRwJOsmJR54fuZ/NhKmErjPVM8snQ3zF:wX/eOyaiqcLH1fuZ/N7T8snEd
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2