General
- Target: e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5
- Size: 1.4MB
- Sample: 240614-f54p9swgnh
- MD5: db809416e6e1bbf5d80e79076d20603c
- SHA1: e986701c95efa9a220498ea1f3645748f8fdb3d8
- SHA256: e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5
- SHA512: 57f657274937588865c78fe3d88813fecb5508c047a2167bad02e4487a8bf707102d61e6fa9f4f652a82de40dd6dd471f37d0270d1fff2f29d62c328975778fe
- SSDEEP: 6144:O1wCafZnZZVrKuaFusNoBFqkvqUPT35sle3oU4/zm0CaphZKkEeAz8exqO/JAC:kAZnZZF5agsxkvqolsle3UCo1UJ
Behavioral task: behavioral1
- Sample: e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5.exe
- Resource: win7-20240611-en

Behavioral task: behavioral2
- Sample: e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5.exe
- Resource: win10v2004-20240611-en
Malware Config
Targets
- Target: e8cc1a2f86268b8b222141773e3f6da845d207bc166ad287e0205936720b49b5
- Size: 1.4MB
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Modifies visibility of hidden/system files in Explorer
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Disables cmd.exe use via registry modification
- Disables use of System Restore points
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (1)
  - Winlogon Helper DLL (2)
- Event Triggered Execution (1)
  - Change Default File Association (1)

Defense Evasion
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- Modify Registry (9)