General

  • Target: 5cc3954b150e8a2c48f8357f56ee1050N.exe
  • Size: 21KB
  • Sample: 240722-e1mqhswerc
  • MD5: 5cc3954b150e8a2c48f8357f56ee1050
  • SHA1: 3aeba689d4a925db8502729b0c50e662fc2e990b
  • SHA256: 62873cbb54fef0c67b3c4a040f97a77454aac807fdbc3769d1d6fd8478d2a3fd
  • SHA512: 74235f6f4c59a70a2eb39489206c2986601a87ad48abb65033ec5cfc76e593fc72bec168d979af84651f6844b362a0db127717a4b1b54f207a95b1c34132ba21
  • SSDEEP: 384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXfI2hZ4:rRkiLw3HsDSARGG/g2hZ4

Targets

    • Target

      5cc3954b150e8a2c48f8357f56ee1050N.exe

    • Windows security bypass

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Event Triggered Execution: Image File Execution Options Injection

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Modifies WinLogon

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15