General
Target: 7f29b947179c3a396bececffe1ffbe5e00db15a0016eff06725df585912a5a95
Size: 2.3MB
Sample: 240606-b7fc8seb4w
MD5: 703e39b826f8f94fc1d1423cee8b5abf
SHA1: 51e6e6f9ddb023f7d749c26157931ecfb27c4615
SHA256: 7f29b947179c3a396bececffe1ffbe5e00db15a0016eff06725df585912a5a95
SHA512: 639aa4158cb878816e853b976871ca4fe678eb45042b28e0cd550731acdd5387ab4ba06bc5023e41a8103d77cc1507911a2af6297ecdf4a05a2e9ea60782f91e
SSDEEP: 49152:SLDEfWcnLJ6I3BUz8fsK5CdoQmTZMCpylljm:tXnL73XHdFHpqm

Static task: static1

Behavioral task: behavioral1
Sample: 7f29b947179c3a396bececffe1ffbe5e00db15a0016eff06725df585912a5a95.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 7f29b947179c3a396bececffe1ffbe5e00db15a0016eff06725df585912a5a95.exe
Resource: win10v2004-20240426-en

Malware Config
Targets
Score: 10/10
Modifies WinLogon for persistence
Modifies visibility of hidden/system files in Explorer
Modifies Installed Components in the registry
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)
Privilege Escalation
  Boot or Logon Autostart Execution (3)
  Registry Run Keys / Startup Folder (2)
  Winlogon Helper DLL (1)