Overview

overview

10

Static

static

10

001e9becdd...93.exe

windows10-2004-x64

7

1a1cf2a2f6...31.exe

windows10-2004-x64

7

2eac3720bc...61.exe

windows10-2004-x64

1

320e3af17b...4c.exe

windows10-2004-x64

3

33bcab7033...70.exe

windows10-2004-x64

6

47a52afd63...2e.exe

windows10-2004-x64

10

4b24d27301...69.exe

windows10-2004-x64

7

4c481d251f...5a.exe

windows10-2004-x64

1

4c9ab76300...dd.exe

windows10-2004-x64

6

50a04b093c...95.dll

windows10-2004-x64

6

5266183553...2f.dll

windows10-2004-x64

8

547798defb...6e.exe

windows10-2004-x64

10

5fb2242c04...96.exe

windows10-2004-x64

1

63a0bf6385...12.exe

windows10-2004-x64

10

6a08b51e02...68.exe

windows10-2004-x64

5

803d827a2c...53.exe

windows10-2004-x64

7

85523c6377...c3.exe

windows10-2004-x64

3

8ab3db7349...03.exe

windows10-2004-x64

9

9b87457fe8...f0.exe

windows10-2004-x64

8

a3c7b0df18...cc.exe

windows10-2004-x64

1

ab4fa067af...38.exe

windows10-2004-x64

10

b1c5c3ca41...7d.exe

windows10-2004-x64

3

ca561f9403...c5.exe

windows10-2004-x64

7

d278eb3d6c...8f.exe

windows10-2004-x64

6

d3e04348f4...91.exe

windows10-2004-x64

10

d7e876a714...c9.exe

windows10-2004-x64

7

dd8bf2763c...38.exe

windows10-2004-x64

dd9ca1355f...9a.exe

windows10-2004-x64

7

dd9d07d1f5...27.exe

windows10-2004-x64

10

ef3c260fed...49.exe

windows10-2004-x64

10

f40df86d68...df.exe

windows10-2004-x64

10

fb861230c0...01.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2023 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838.exe

  • Size

    84KB

  • MD5

    7d3294046b8db4fa7229ea4e226808c9

  • SHA1

    3586e1d378e8547b0d7c3eb58fcbf9d789b1981d

  • SHA256

    ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838

  • SHA512

    4028df37dc553d47141f32a6e09019878ef66923f2fa87f17ae2b0f4068d11b7f4e10a22acf9120f710151a638bbf9a5fd121b6876361e23df36ecdc12b1c07a

  • SSDEEP

    1536:6C8Kd354Ru7qqWIk0rJ771bI6tcMCFnZGqckwVXicpt:6C8AJR/tH1b/GZtckwVXTpt

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838.exe
    "C:\Users\Admin\AppData\Local\Temp\ab4fa067af1c9a107b879341e255eb9f05779608ce31217c1a2d60d28a2c8838.exe"
    1⤵
    • Modifies WinLogon for persistence
    PID:1232

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Winlogon Helper DLL

1
T1547.004

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads