6d14aad52831c3a63ab654bbed421c52508aab7a8134f532ec978c15761e2560 | Triage

Sharing

General

Target

29650e74777c1215eeddc74cc1278030N.exe
Size

204KB
Sample

240802-az78lsvfmq
MD5

29650e74777c1215eeddc74cc1278030
SHA1

ef52b24054a99e7e63d556d7e5f95b8726aa86e0
SHA256

6d14aad52831c3a63ab654bbed421c52508aab7a8134f532ec978c15761e2560
SHA512

706b9f13f90c733795e1e6a8eca190466c5618b9193c0f1d9d2796f9cc0658f3a01ddb1e7d27bb84aab4c758845df422970a6d89f1da51142282285ce3eafc9f
SSDEEP

3072:b5u7yT4TVbkuRaX1w71jnRkCoyJTarYWbV+HOFxg+z1WxJsqWkoyjOowUVl/TlAQ:bLexkuRaX41xoyJV65gzyZko+uc

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  29650e74777c1215eeddc74cc1278030N.exe
- Size
  
  204KB
- MD5
  
  29650e74777c1215eeddc74cc1278030
- SHA1
  
  ef52b24054a99e7e63d556d7e5f95b8726aa86e0
- SHA256
  
  6d14aad52831c3a63ab654bbed421c52508aab7a8134f532ec978c15761e2560
- SHA512
  
  706b9f13f90c733795e1e6a8eca190466c5618b9193c0f1d9d2796f9cc0658f3a01ddb1e7d27bb84aab4c758845df422970a6d89f1da51142282285ce3eafc9f
- SSDEEP
  
  3072:b5u7yT4TVbkuRaX1w71jnRkCoyJTarYWbV+HOFxg+z1WxJsqWkoyjOowUVl/TlAQ:bLexkuRaX41xoyJV65gzyZko+uc
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence