General
-
Target
03bbbc62ddd986c31658ca36cf622220N.exe
-
Size
71KB
-
Sample
240801-z11mlawfnl
-
MD5
03bbbc62ddd986c31658ca36cf622220
-
SHA1
4ef19d26b8bf15328d85cd16b586ab310601b2b5
-
SHA256
6903f7f66ddcd9ad0bc429b4955e7b7199f054dd593e8d21105025f8d3799b19
-
SHA512
940f528b865a0e1aacded5f9f263f229d1272498d438ecbcfd483ed6c801b057b2f666d91de518503515d7e503f9471a852d123d881e58310a584d3585e86ba2
-
SSDEEP
768:x/nQODtOgZwPeS2oyrw0U/Q7/PM8ee+YLVrvgA4R+Fy0u4ETZC6oLclNLqEntgtt:xo62PVOUY7/2efJDtuZ86LNtG5MiR
Malware Config
Targets
-
-
Target
03bbbc62ddd986c31658ca36cf622220N.exe
-
Size
71KB
-
MD5
03bbbc62ddd986c31658ca36cf622220
-
SHA1
4ef19d26b8bf15328d85cd16b586ab310601b2b5
-
SHA256
6903f7f66ddcd9ad0bc429b4955e7b7199f054dd593e8d21105025f8d3799b19
-
SHA512
940f528b865a0e1aacded5f9f263f229d1272498d438ecbcfd483ed6c801b057b2f666d91de518503515d7e503f9471a852d123d881e58310a584d3585e86ba2
-
SSDEEP
768:x/nQODtOgZwPeS2oyrw0U/Q7/PM8ee+YLVrvgA4R+Fy0u4ETZC6oLclNLqEntgtt:xo62PVOUY7/2efJDtuZ86LNtG5MiR
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1