200973eab56e69a6d40c6325732241c7e1f8c0f2ef6441ea93a93374713a3ace | Triage

Sharing

General

Target

200973eab56e69a6d40c6325732241c7e1f8c0f2ef6441ea93a93374713a3ace
Size

41KB
Sample

240515-ynzn4ahb3z
MD5

5d49fa9d675133d08a326a745c8f647d
SHA1

123948c5f2ff8a58921172afa38d4f066d47d0f6
SHA256

200973eab56e69a6d40c6325732241c7e1f8c0f2ef6441ea93a93374713a3ace
SHA512

811e4fea86bdef1ed82cab282956cb124f03a429540544f88fdb789f306a9b306031d2d92238c53f0f9ec6c09378cab04dced99142a4beade6a96f618b3c892b
SSDEEP

768:+iZNPp0b5BbrMVUTBv6mkZ8jA7IwnDoSdb:+WNBGBrM6Fv6mkqyoe

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  200973eab56e69a6d40c6325732241c7e1f8c0f2ef6441ea93a93374713a3ace
- Size
  
  41KB
- MD5
  
  5d49fa9d675133d08a326a745c8f647d
- SHA1
  
  123948c5f2ff8a58921172afa38d4f066d47d0f6
- SHA256
  
  200973eab56e69a6d40c6325732241c7e1f8c0f2ef6441ea93a93374713a3ace
- SHA512
  
  811e4fea86bdef1ed82cab282956cb124f03a429540544f88fdb789f306a9b306031d2d92238c53f0f9ec6c09378cab04dced99142a4beade6a96f618b3c892b
- SSDEEP
  
  768:+iZNPp0b5BbrMVUTBv6mkZ8jA7IwnDoSdb:+WNBGBrM6Fv6mkqyoe
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2