General
Target: FA AntiVira Prosses Watch.exe
Size: 7.1MB
Sample: 240528-s5jfjsaf4v
MD5: b8bfdafa661a4110fd34c9b0fbb2582c
SHA1: 3b0311377236083ffdeb61ab81d3186962a7d59d
SHA256: eb0b2accd533bb7556b98d8150dcfc313239586c223f86d9d1dce22234702076
SHA512: 04eee9cb6f1470f5963825840bee0f8c9fac26a7e1faf6282c8bbe6daaa18cac992909852e4bb82f31656b6ebaa2be5ddcda4f9b796e2ce39509579035dbff52
SSDEEP: 196608:JszWA1HeT39IigheE9TFa0Z8DOjCdylNownzbQWa0ngx:61+TtIibY9Z8D8CclyUnwigx
Behavioral task: behavioral1
Sample: FA AntiVira Prosses Watch.exe
Resource: win10v2004-20240426-en
Score: 10/10
- Modifies WinLogon for persistence
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Scheduled Task/Job (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Scheduled Task/Job (1)

Defense Evasion
  Modify Registry (3)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)