35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380 | Triage

Submit
Reports

Overview

overview

Static

static

35b21a3aa6...80.exe

windows7-x64

35b21a3aa6...80.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380
Size

45KB
Sample

240611-y99feszhqp
MD5

734a249a11bfc98c1b749bac7027144f
SHA1

0ddf7a28e0ed69322b889a2e8587fc43657868c0
SHA256

35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380
SHA512

feed86dca98175ae73b5b9a656cbf8352143f9d6d4eaed3c877e2f4edfbc84b55d0094f064edf48a3b1dced86643916184e46ec55fe4fe834560a9f006ee2935
SSDEEP

768:xmFQj8rM9whcqet8Wfxd9Mmnfa+TAOBJgZiPGyilSniJO14ktp7DFK+5nEEL:zAwEmBZ04faWmtN4nic+6G0

Score

10^/10

evasion persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380.exe

Resource

win7-20240220-en

evasion persistence

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380.exe

Resource

win10v2004-20240508-en

evasion persistence

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380
- Size
  
  45KB
- MD5
  
  734a249a11bfc98c1b749bac7027144f
- SHA1
  
  0ddf7a28e0ed69322b889a2e8587fc43657868c0
- SHA256
  
  35b21a3aa649d4220d5a166ef5c0cf3d8253e07706cfb636b11dc16f52145380
- SHA512
  
  feed86dca98175ae73b5b9a656cbf8352143f9d6d4eaed3c877e2f4edfbc84b55d0094f064edf48a3b1dced86643916184e46ec55fe4fe834560a9f006ee2935
- SSDEEP
  
  768:xmFQj8rM9whcqet8Wfxd9Mmnfa+TAOBJgZiPGyilSniJO14ktp7DFK+5nEEL:zAwEmBZ04faWmtN4nic+6G0
Score

10^/10

evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Detects executables built or packed with MPress PE compressor
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistence

behavioral2

evasionpersistence

© 2018-2025

Terms | Privacy