1c569a50c90246fc9a139aa8cae6201ba3caea8bfa2bd69709d3b4952688d1b5 | Triage

Sharing

General

Target

379d4edf90367c75e47fa0fac6e7fee0N.exe
Size

204KB
Sample

240724-ch22davfpd
MD5

379d4edf90367c75e47fa0fac6e7fee0
SHA1

791cd3b46e97f2705c4212c94215b4df70bef174
SHA256

1c569a50c90246fc9a139aa8cae6201ba3caea8bfa2bd69709d3b4952688d1b5
SHA512

e03a796aa319d799180b32ee8cf01de1cdb50c79ff159cb389da0eb59927124ccb192bfb9fe7b58975aa2db03603883c2edcf4a8b006b63ccbc6d7b9cedda31b
SSDEEP

3072:nO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:ngFtboVBJtNWyPnYG4fUbk

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  379d4edf90367c75e47fa0fac6e7fee0N.exe
- Size
  
  204KB
- MD5
  
  379d4edf90367c75e47fa0fac6e7fee0
- SHA1
  
  791cd3b46e97f2705c4212c94215b4df70bef174
- SHA256
  
  1c569a50c90246fc9a139aa8cae6201ba3caea8bfa2bd69709d3b4952688d1b5
- SHA512
  
  e03a796aa319d799180b32ee8cf01de1cdb50c79ff159cb389da0eb59927124ccb192bfb9fe7b58975aa2db03603883c2edcf4a8b006b63ccbc6d7b9cedda31b
- SSDEEP
  
  3072:nO/6nl92ILkt6i2ox7c39b1a0J86W8xXCKNWOHU/ezYMVWtG4SPUkxbgl:ngFtboVBJtNWyPnYG4fUbk
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence