General

Target: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59
Size: 145KB
Sample: 240614-ckf7pa1fnh
MD5: df4209842d006b123314b9f213d180e5
SHA1: fed0674f0ef0d86b3179bd8acc5464c6be294612
SHA256: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59
SHA512: ab082cf90ccbb499858fa08fc17cfb69e9f09b0afd170d88c6f0de367bd8828deeb739b1a02b6deeaba5e385342447de9cb7fbc9c7edf919b27136f3fbd08003
SSDEEP: 1536:vJo0IHgL2AHfb1mzaFXg+xsukl4Y17jsgS/jHagQNuXGpeVTV:Bx6AHjYzaFXg+w17jsgS/jHagQg19V
Static task: static1

Behavioral task: behavioral1
Sample: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59
Size: 145KB
MD5: df4209842d006b123314b9f213d180e5
SHA1: fed0674f0ef0d86b3179bd8acc5464c6be294612
SHA256: a3c0c493ce3824dc77c342eccbc0cec9633e8c183e7c976b7103ce8445b33b59
SHA512: ab082cf90ccbb499858fa08fc17cfb69e9f09b0afd170d88c6f0de367bd8828deeb739b1a02b6deeaba5e385342447de9cb7fbc9c7edf919b27136f3fbd08003
SSDEEP: 1536:vJo0IHgL2AHfb1mzaFXg+xsukl4Y17jsgS/jHagQNuXGpeVTV:Bx6AHjYzaFXg+w17jsgS/jHagQg19V
Score: 10/10
Signatures:
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables use of System Restore points
- Drops file in Drivers directory
- Sets file execution options in registry
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (2)
  - Winlogon Helper DLL (1)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)

Defense Evasion
- Modify Registry (9)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)