General
-
Target
01a31f7aebf29f73acdbe0f2b0317140N.exe
-
Size
23KB
-
Sample
240715-yxgjwazbrf
-
MD5
01a31f7aebf29f73acdbe0f2b0317140
-
SHA1
8351b7b8f48a3bc57c6daf0aab67dd1ebd52c008
-
SHA256
19386d98a52be6ef56ea8aee3a3b5acb27df4a0bb0e2a1d4fd374ce5b73ceecc
-
SHA512
415d2a277c89d0be53846f13a5c1fce1ea91898f505613aed6180e6b1d0fab25731ed8f465c21552c81754354d7161df4075e825f3ed8bc82913b3a3fe7fb121
-
SSDEEP
384:jIz4rMgZ27ChC9IYfzjlDe245V7n8zbC96H21PDIcRnZVwqpSmXRd3b:jIUIgPC9Iqzjla2aVj8zNHRcBNpSmX3r
Malware Config
Targets
-
-
Target
01a31f7aebf29f73acdbe0f2b0317140N.exe
-
Size
23KB
-
MD5
01a31f7aebf29f73acdbe0f2b0317140
-
SHA1
8351b7b8f48a3bc57c6daf0aab67dd1ebd52c008
-
SHA256
19386d98a52be6ef56ea8aee3a3b5acb27df4a0bb0e2a1d4fd374ce5b73ceecc
-
SHA512
415d2a277c89d0be53846f13a5c1fce1ea91898f505613aed6180e6b1d0fab25731ed8f465c21552c81754354d7161df4075e825f3ed8bc82913b3a3fe7fb121
-
SSDEEP
384:jIz4rMgZ27ChC9IYfzjlDe245V7n8zbC96H21PDIcRnZVwqpSmXRd3b:jIUIgPC9Iqzjla2aVj8zNHRcBNpSmX3r
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1