General
- Target: 7595ece9b4c9b2ffce99ea6568f094371b8b271ec646701c7088e7e46c702d9b.exe
- Size: 145KB
- Sample: 240523-cpbsrsad36
- MD5: 1e458539f873b0f37c852300ba68c930
- SHA1: 910928cebfeff0046100391013c4d899024e71ac
- SHA256: 7595ece9b4c9b2ffce99ea6568f094371b8b271ec646701c7088e7e46c702d9b
- SHA512: 6347a201cb2222972eab551d98ac9e5b7fbc709dba0016c57483d8de83e142e11203e388b36c928589c3d3537b3d6648845fce4cc4ba44b6bac1af15d3cb3343
- SSDEEP: 3072:mx6AHjYzaFXg+w17jsgS/jHagQg1dxiEV:mxzYzaFXi17jW
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 7595ece9b4c9b2ffce99ea6568f094371b8b271ec646701c7088e7e46c702d9b.exe
  - Resource: win7-20240215-en
Behavioral task
- behavioral2
  - Sample: 7595ece9b4c9b2ffce99ea6568f094371b8b271ec646701c7088e7e46c702d9b.exe
  - Resource: win10v2004-20240508-en
Malware Config
Targets
- Target: 7595ece9b4c9b2ffce99ea6568f094371b8b271ec646701c7088e7e46c702d9b.exe (145KB; same hashes as listed under General)
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables use of System Restore points
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
Defense Evasion
- Modify Registry (9)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)