17c3db2fc1bbf6f352af74ec2ad67eef16e1427d20fa770a3cbe41a4e24388a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

17c3db2fc1bbf6f352af74ec2ad67eef16e1427d20fa770a3cbe41a4e24388a8
Size

360KB
Sample

240807-qygx2azajk
MD5

4855d69cbcfde512b75b6418243f1004
SHA1

bbb45a8591098db4dec734ecdf2ef14226dea4c8
SHA256

17c3db2fc1bbf6f352af74ec2ad67eef16e1427d20fa770a3cbe41a4e24388a8
SHA512

f756e2fb71616e0067764020d3cbddafe778b9b7cf433bc0f0fa7810d3c73158d63c58a284d1491ec5adea1f5ff5203046913f7a02c5675825a5d0fe2717ddb9
SSDEEP

6144:11vBWzTdw/Wv0kse6VlWT8b9BANPjSq1b8OPTN6dUDn:TwTHsPVle8cQ+/

Score

10^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  17c3db2fc1bbf6f352af74ec2ad67eef16e1427d20fa770a3cbe41a4e24388a8
- Size
  
  360KB
- MD5
  
  4855d69cbcfde512b75b6418243f1004
- SHA1
  
  bbb45a8591098db4dec734ecdf2ef14226dea4c8
- SHA256
  
  17c3db2fc1bbf6f352af74ec2ad67eef16e1427d20fa770a3cbe41a4e24388a8
- SHA512
  
  f756e2fb71616e0067764020d3cbddafe778b9b7cf433bc0f0fa7810d3c73158d63c58a284d1491ec5adea1f5ff5203046913f7a02c5675825a5d0fe2717ddb9
- SSDEEP
  
  6144:11vBWzTdw/Wv0kse6VlWT8b9BANPjSq1b8OPTN6dUDn:TwTHsPVle8cQ+/
Score

10^/10

persistence privilege_escalation
- Modifies WinLogon for persistence
  persistence
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation