General
-
Target
d1d0ec2eb4572c8b819af742e4443d0d
-
Size
600KB
-
Sample
240317-zfnsasga9t
-
MD5
d1d0ec2eb4572c8b819af742e4443d0d
-
SHA1
0abafe43d36c486b62cfd21056214232079773e8
-
SHA256
23e60061b17767369032d11b809a49833dc773bde9a17820a92aee3f6161adb2
-
SHA512
9ce852bf25cdc059e7acb84519a1aec9d86e1561d0e410e8926fe6ec404bc95839fd0f2e4fdce12cc7e2e11518e64044d4926246b9dc7caaeaf710148cf19194
-
SSDEEP
12288:3NqQFzjP5MlciwiWSk4CgP0MMdiAm78YWc:dUCfMMY78Yj
Static task
static1
Behavioral task
behavioral1
Sample
d1d0ec2eb4572c8b819af742e4443d0d.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d1d0ec2eb4572c8b819af742e4443d0d.exe
Resource
win10v2004-20240226-en
Malware Config
Targets
-
-
Target
d1d0ec2eb4572c8b819af742e4443d0d
-
Size
600KB
-
MD5
d1d0ec2eb4572c8b819af742e4443d0d
-
SHA1
0abafe43d36c486b62cfd21056214232079773e8
-
SHA256
23e60061b17767369032d11b809a49833dc773bde9a17820a92aee3f6161adb2
-
SHA512
9ce852bf25cdc059e7acb84519a1aec9d86e1561d0e410e8926fe6ec404bc95839fd0f2e4fdce12cc7e2e11518e64044d4926246b9dc7caaeaf710148cf19194
-
SSDEEP
12288:3NqQFzjP5MlciwiWSk4CgP0MMdiAm78YWc:dUCfMMY78Yj
Score10/10-
Modifies WinLogon for persistence
-
Disables RegEdit via registry modification
-
Disables Task Manager via registry modification
-
Modifies Installed Components in the registry
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Loads dropped DLL
-
Adds Run key to start application
-
Modifies WinLogon
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
4Registry Run Keys / Startup Folder
2Winlogon Helper DLL
2Pre-OS Boot
1Bootkit
1