General
-
Target
dc7b89f8518997f86168ac780025cd60N.exe
-
Size
87KB
-
Sample
240814-qk5f6sthmd
-
MD5
dc7b89f8518997f86168ac780025cd60
-
SHA1
6dcab1569c1f9f641f64b66156f4ead1a037e133
-
SHA256
04c4e69151db0575107e04cb911ae90b5a2ca1bad065b1d25e2cb1e5fb413685
-
SHA512
949494b4693242d4c3a79b1441350dccdc3cb8403f2660e99427683428134aa426e29945fc3e58a371030c08e58b0fe70472161a1e0f89021048a88f657aa1f2
-
SSDEEP
768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4Wr:x0Y9WV32pau5gV62++Kf/vw/d5Uh4Ah
Malware Config
Targets
-
-
Target
dc7b89f8518997f86168ac780025cd60N.exe
-
Size
87KB
-
MD5
dc7b89f8518997f86168ac780025cd60
-
SHA1
6dcab1569c1f9f641f64b66156f4ead1a037e133
-
SHA256
04c4e69151db0575107e04cb911ae90b5a2ca1bad065b1d25e2cb1e5fb413685
-
SHA512
949494b4693242d4c3a79b1441350dccdc3cb8403f2660e99427683428134aa426e29945fc3e58a371030c08e58b0fe70472161a1e0f89021048a88f657aa1f2
-
SSDEEP
768:3Og167GTCGTL9tCqwhX52pwTu5gV62i9wb4CWYLyAKfPXvByNGOLDd5FBEewN4Wr:x0Y9WV32pau5gV62++Kf/vw/d5Uh4Ah
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1