c7a364c1d4cb1f8e1f220ee66a372a5d2132c7e31bfb22c466901845e79aa81d | Triage

Sharing

General

Target

c7a364c1d4cb1f8e1f220ee66a372a5d2132c7e31bfb22c466901845e79aa81d
Size

218KB
Sample

240524-dn63ysbb37
MD5

23b2542d678766df2cca1e7c6a6485dc
SHA1

1dfc34f9969e2f6fa63dff05e96db737bdf87568
SHA256

c7a364c1d4cb1f8e1f220ee66a372a5d2132c7e31bfb22c466901845e79aa81d
SHA512

6dfb946ee1e3ab3f0852ab679d8651fd78698f354a282c62d7924d97795732c16a6d059eb444d9acb850ecdb180d197c95b74a7077fc761a412ac61ba8641f02
SSDEEP

3072:Dvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:71SyAJp6rjn1gOObn4b6h9h

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  c7a364c1d4cb1f8e1f220ee66a372a5d2132c7e31bfb22c466901845e79aa81d
- Size
  
  218KB
- MD5
  
  23b2542d678766df2cca1e7c6a6485dc
- SHA1
  
  1dfc34f9969e2f6fa63dff05e96db737bdf87568
- SHA256
  
  c7a364c1d4cb1f8e1f220ee66a372a5d2132c7e31bfb22c466901845e79aa81d
- SHA512
  
  6dfb946ee1e3ab3f0852ab679d8651fd78698f354a282c62d7924d97795732c16a6d059eb444d9acb850ecdb180d197c95b74a7077fc761a412ac61ba8641f02
- SSDEEP
  
  3072:Dvm4SZsQrNzPrl6rjGMjp39d4u8iqddCxMIJOb2o5DsBPjim6hwM2H6:71SyAJp6rjn1gOObn4b6h9h
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2