General

Target: message (5).txt
Size: 5KB
Sample: 240512-p5kf3aff4y
MD5: 7cfc3906c2a6281f710f67824a009239
SHA1: fde3fba3a99492c4f74d2961de3184807d22da1b
SHA256: 4a6305223da99ad01d47aa20b3d8bc9b2b33c68ca818a54c2d82ff3d20ce72c7
SHA512: b3af972aaad1e8a381db0efb941a1e5db8116106aabf3598dcf79c98ecf0cd5378d87a3d6f42119248f7dc332769c685f69b7e66117d8eaddcc13d9c155526ba
SSDEEP: 96:2Wf6ZGxPyGGCgbGIRnqRQspRPwTQxyQy8Q0UWQceYcQgQxQnQviDQEbZNX5R2BYW:2Wf6ZGxPyGGCgbGIRnqRQspRaVf8/bcQ
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: message (5).txt
Resource: win11-20240426-en

Malware Config
Score: 10/10

Signatures

- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Modifies AppInit DLL entries
- Modifies Installed Components in the registry
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Modifies system executable filetype association
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15 (count of matched signatures per technique in parentheses)

Persistence
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (3)
  - Winlogon Helper DLL (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (4)
  - Registry Run Keys / Startup Folder (3)
  - Winlogon Helper DLL (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- File and Directory Permissions Modification (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (8)