d6fe0e42f90dc1733c7efb39f4cd197c460962d86077bdc5760be7226b4a65b8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7f2f73f8d8b4e4448e5cb304864dce10N.exe
Size

152KB
Sample

240722-jphpmswdmd
MD5

7f2f73f8d8b4e4448e5cb304864dce10
SHA1

621bf2f3fef96f072797cd5a1a0a0668b0eb312d
SHA256

d6fe0e42f90dc1733c7efb39f4cd197c460962d86077bdc5760be7226b4a65b8
SHA512

10e2468c83fda71a6d55dac72abeb0eb864a7e5d6ad67e4a7af4f927c15890e8d5f30320b85b3830af879ea8cc6fae21aa1aa47241ead14d5b8931d34b1ffa09
SSDEEP

3072:Iru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:coSkB2R09l9b5ntD4LKS/6de

Score

10^/10

persistence

Malware Config

Targets

- Target
  
  7f2f73f8d8b4e4448e5cb304864dce10N.exe
- Size
  
  152KB
- MD5
  
  7f2f73f8d8b4e4448e5cb304864dce10
- SHA1
  
  621bf2f3fef96f072797cd5a1a0a0668b0eb312d
- SHA256
  
  d6fe0e42f90dc1733c7efb39f4cd197c460962d86077bdc5760be7226b4a65b8
- SHA512
  
  10e2468c83fda71a6d55dac72abeb0eb864a7e5d6ad67e4a7af4f927c15890e8d5f30320b85b3830af879ea8cc6fae21aa1aa47241ead14d5b8931d34b1ffa09
- SSDEEP
  
  3072:Iru5SkB2ca09lIqb5nr5JYpQ4O8k99K//RLbyVZtde:coSkB2R09l9b5ntD4LKS/6de
Score

10^/10

persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2