General
- Target: chrome.dll.sig
- Size: 1KB
- Sample: 240525-sh6mkaha82
- MD5: 551febd41119cc37d2b0e88f27f0db22
- SHA1: 381c66a2ce011ca96f3587f2e9048f3076de801c
- SHA256: 9dc891424224fbbb32b2e421a776d1a81711994d1e3cde7cabd5a80e4c735b12
- SHA512: ba4ab9e1831cc94c2d7aa81b826b4aeba23ff5d1271ce4bf97f2fb8b621b37214880c9480d7bf70ddd6acb66d50a89a4b2a74318c58a99144012faf7a85d4ba6
Static task: static1
Behavioral task: behavioral1
- Sample: chrome.dll.sig
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: chrome.dll.sig
- Resource: win10v2004-20240426-en
Malware Config
Targets
- Target: chrome.dll.sig
- Size: 1KB
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables use of System Restore points
- Sets file execution options in registry
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Event Triggered Execution (1)
  - Change Default File Association (1)