1d7a0e96b2f5d7becca25fb475889832a5666568824e5275fbee944033ba8e77 | Triage

Sharing

General

Target

c798fe0a4cefc5d36f4d43e4e07e13c1
Size

108KB
Sample

240314-d8yx3shf7y
MD5

c798fe0a4cefc5d36f4d43e4e07e13c1
SHA1

0e18c6b7907b4a199cf57622b079b60182288560
SHA256

1d7a0e96b2f5d7becca25fb475889832a5666568824e5275fbee944033ba8e77
SHA512

8af2d7ea4e699bb6ca7811c694c1d98b0f4acb805f050d210297e2a4bd4c83c2aae2e2ec92fd7ebdfe2bb4ba3f30b61e55aad6921959b0d6c72d6cc110e51288
SSDEEP

3072:cifdElFuYmEaUiBcMuMzRIIKY+7a/0eCnu6NXs12dC:2DjmPuSyhwGu6NXi2

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  c798fe0a4cefc5d36f4d43e4e07e13c1
- Size
  
  108KB
- MD5
  
  c798fe0a4cefc5d36f4d43e4e07e13c1
- SHA1
  
  0e18c6b7907b4a199cf57622b079b60182288560
- SHA256
  
  1d7a0e96b2f5d7becca25fb475889832a5666568824e5275fbee944033ba8e77
- SHA512
  
  8af2d7ea4e699bb6ca7811c694c1d98b0f4acb805f050d210297e2a4bd4c83c2aae2e2ec92fd7ebdfe2bb4ba3f30b61e55aad6921959b0d6c72d6cc110e51288
- SSDEEP
  
  3072:cifdElFuYmEaUiBcMuMzRIIKY+7a/0eCnu6NXs12dC:2DjmPuSyhwGu6NXi2
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2