Overview

overview

10

Static

static

3

07ea654ba8...25.exe

windows7-x64

10

07ea654ba8...25.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    07ea654ba805f82dda0ba70e9014f425

  • Size

    1.7MB

  • Sample

    231230-ab7beadccm

  • MD5

    07ea654ba805f82dda0ba70e9014f425

  • SHA1

    f55a8b8c68ff0dd9ce65826ec36430279ddb13c7

  • SHA256

    04dda7bb206088660114542dc8ca36b2a1b94f3ffc5347289af449f12bcedca9

  • SHA512

    0fb3d6845d47c5a70f7c77f8ff705361a71b4c5b4b94e9721af8788cbaa7b6d3c9212f803b92392659f2946ebdb9e69440e99e0630198ae3e98c70d97e9d5440

  • SSDEEP

    49152:y8OU0+IDBPLyNP6RqiLMWhc9mvtzTI6W3gvS1pjtU2Z/9YD:y890dLyNCsWMWhnztWCS1pjNgD

Score
10/10
evasionpersistence

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://pcprotectionutility.com/favicon.ico?0=72&1=0&2=1&3=57&4=i-s&5=7601&6=6&7=1&8=99600&9=1033&10=0&11=0000

Extracted

Language
hta
Source
URLs
hta.dropper

http://pcprotectionutility.com/favicon.ico?0=72&1=0&2=1&3=57&4=i-s&5=9200&6=6&7=2&8=919041&9=1033&10=0&11=0000

Targets

    • Target

      07ea654ba805f82dda0ba70e9014f425

    • Size

      1.7MB

    • MD5

      07ea654ba805f82dda0ba70e9014f425

    • SHA1

      f55a8b8c68ff0dd9ce65826ec36430279ddb13c7

    • SHA256

      04dda7bb206088660114542dc8ca36b2a1b94f3ffc5347289af449f12bcedca9

    • SHA512

      0fb3d6845d47c5a70f7c77f8ff705361a71b4c5b4b94e9721af8788cbaa7b6d3c9212f803b92392659f2946ebdb9e69440e99e0630198ae3e98c70d97e9d5440

    • SSDEEP

      49152:y8OU0+IDBPLyNP6RqiLMWhc9mvtzTI6W3gvS1pjtU2Z/9YD:y890dLyNCsWMWhnztWCS1pjNgD

    Score
    10/10
    evasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Sets file execution options in registry

      persistence

    • Stops running service(s)

      evasion

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Defense Evasion

Modify Registry

3
T1112

Impair Defenses

1
T1562

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Resource Development

Reconnaissance

Tasks