General
-
Target
ce58aec7c94682722b27ee142432b7a0N.exe
-
Size
163KB
-
Sample
240813-3gz4ha1eqe
-
MD5
ce58aec7c94682722b27ee142432b7a0
-
SHA1
15b2736528406ead2a6692c44aa4ce6cd1013e82
-
SHA256
130bb4e42716a0e7210a60f79821ab6fcf603bff5d9c9a10d68b7e0f948aba57
-
SHA512
1de43ab56d3c3f14ec495155bac3a63333dfd9aeb16a892fac5f155084de18c2a00a01d8914c354cff7d9845db925a466b82a73f4ec5627a0ae8f4e1d7604cca
-
SSDEEP
768:sIUtPQFeHCNGSTwKjWvRpK/4/jeOBEs44yPnvDeo3ojbwHakFPqxSbFJblFsKl6z:sPYUFSTDf4b32nvbsEZCwbFJbQKoVR
Malware Config
Targets
-
-
Target
ce58aec7c94682722b27ee142432b7a0N.exe
-
Size
163KB
-
MD5
ce58aec7c94682722b27ee142432b7a0
-
SHA1
15b2736528406ead2a6692c44aa4ce6cd1013e82
-
SHA256
130bb4e42716a0e7210a60f79821ab6fcf603bff5d9c9a10d68b7e0f948aba57
-
SHA512
1de43ab56d3c3f14ec495155bac3a63333dfd9aeb16a892fac5f155084de18c2a00a01d8914c354cff7d9845db925a466b82a73f4ec5627a0ae8f4e1d7604cca
-
SSDEEP
768:sIUtPQFeHCNGSTwKjWvRpK/4/jeOBEs44yPnvDeo3ojbwHakFPqxSbFJblFsKl6z:sPYUFSTDf4b32nvbsEZCwbFJbQKoVR
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1