General
-
Target
PBs_Awsome_Menu1.1_1.dll
-
Size
31KB
-
Sample
240220-ar2e4aga5v
-
MD5
e3c8c24e113cbfe00f5516eb585103f6
-
SHA1
97ea04bb655da3c8af510f0e307186f8e6bedf75
-
SHA256
3827634b7bc0485c59405e26ad982b11cdb90edc2479f49c23c57cde955b4c09
-
SHA512
fb4e6655b88a52c410ed5293d7e0c04428093b76ba10f1dd566a5b0760773cb8c6924f5ce627e84d79f4f96b84656deb25595e492a18e9c4750a73c76939132d
-
SSDEEP
384:/KK99D2dMM3fT5QnWnzhfJHAdihj8elq1DshVR7l8gA5h7lyEHGIOTWBZXYECiqC:iQbM3fFQnWnzhfJgdUjpgkOXVsWg5
Static task
static1
Behavioral task
behavioral1
Sample
PBs_Awsome_Menu1.1_1.dll
Resource
win10v2004-20231215-en
Malware Config
Targets
-
-
Target
PBs_Awsome_Menu1.1_1.dll
Score
10/10
-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism (1)
Bypass User Account Control (1)
Boot or Logon Autostart Execution (1)
Winlogon Helper DLL (1)