Overview

overview

10

Static

static

1

groxmc.png

windows11-21h2-x64

Resubmissions

11-08-2024 09:34

240811-lj7spatfmr 3

11-08-2024 09:33

240811-ljm4aatflj 10

11-08-2024 09:30

240811-lgn8katenn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    groxmc.png

  • Size

    2KB

  • Sample

    240811-lgn8katenn

  • MD5

    5023085e12fb0144d7b97ef02a9f3087

  • SHA1

    241799fdb6fad6beacd8940e3126a4be043b47ee

  • SHA256

    bfddb29a0802115a8fb0192c82a7dce62c2665cae567f7874cd11a1b7fa4a344

  • SHA512

    c72ab5bb7b33f49945cb8b248cc114ae84fb6dd58f876c121c1ddb5b64e38ef7b637fbc2df5c74568ab8d385b76d9798195a61d1b494baed33b61231135db5e6

Score
10/10
defense_evasiondiscoveryevasionpersistenceransomwaretrojan

Malware Config

Targets

    • Target

      groxmc.png

    • Size

      2KB

    • MD5

      5023085e12fb0144d7b97ef02a9f3087

    • SHA1

      241799fdb6fad6beacd8940e3126a4be043b47ee

    • SHA256

      bfddb29a0802115a8fb0192c82a7dce62c2665cae567f7874cd11a1b7fa4a344

    • SHA512

      c72ab5bb7b33f49945cb8b248cc114ae84fb6dd58f876c121c1ddb5b64e38ef7b637fbc2df5c74568ab8d385b76d9798195a61d1b494baed33b61231135db5e6

    Score
    10/10
    defense_evasiondiscoveryevasionpersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      evasiontrojan

    • Disables RegEdit via registry modification

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks whether UAC is enabled

      evasiontrojan

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

5
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

1
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks