General
- Target: 179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
- Size: 335KB
- Sample: 240424-xza97sfg68
- MD5: 83294e6e639a04de564bc786a2f1672b
- SHA1: 4eea105d6d35f7346ac57d5690ff7193d5d4af90
- SHA256: 179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
- SHA512: 3b609e37f46b30aa645abc836c852263263f6cf52222e95260354161092b79b121c5a5af8e727169fd589b662f6f02bb0140ed16a0d860543669b7f43f381525
- SSDEEP: 6144:HrnkP+6bB0H9rj3fMobS1bSKPbSX2heDObSankP+6bWSGON9bS7/B+ybS7/B+ybf:HQ+Qu9piLzwoJQ+p0RqZmZJB
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801.exe
  - Resource: win7-20240220-en
Behavioral task
- behavioral2
  - Sample: 179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801.exe
  - Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: 179c059a42aa4ad4e998a740df1d7d64f066b5821fa87f0986a381b5ded4c801
Score: 10/10
- Modifies WinLogon for persistence
- Detects executables built or packed with MPress PE compressor
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Sets service image path in registry
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Drops file in System32 directory
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)
- Browser Extensions (1)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)