General
-
Target
129cb1051fb995b0430d33bd0645fc40N.exe
-
Size
21KB
-
Sample
240726-qnn9cszglq
-
MD5
129cb1051fb995b0430d33bd0645fc40
-
SHA1
6c059ba7d4c2a22ae385d0c36e40f70b603ebe79
-
SHA256
ec0721b5b04d16cbf73dda17accc9ae72c06761c462c54a4106d67fb91b0a4ff
-
SHA512
6d67f6bcc54042441e149a1f51bdf0d1497fd89cdc6e6226486c8bf5a2fbada88e85641fcd989015ad079cc2321b47f5eb03d86351a8e4da87325b128770edf0
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXf50605:rRkiLw3HsDSARGG/R0L5
Malware Config
Targets
-
-
Target
129cb1051fb995b0430d33bd0645fc40N.exe
-
Size
21KB
-
MD5
129cb1051fb995b0430d33bd0645fc40
-
SHA1
6c059ba7d4c2a22ae385d0c36e40f70b603ebe79
-
SHA256
ec0721b5b04d16cbf73dda17accc9ae72c06761c462c54a4106d67fb91b0a4ff
-
SHA512
6d67f6bcc54042441e149a1f51bdf0d1497fd89cdc6e6226486c8bf5a2fbada88e85641fcd989015ad079cc2321b47f5eb03d86351a8e4da87325b128770edf0
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXf50605:rRkiLw3HsDSARGG/R0L5
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1