d648680e37f6dce7c4cd5bd386d12a5f670d20cb17481bee63f8a6efb530d147 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dgsfdswdewfcsdfffffffff.exe
Size

374KB
Sample

240819-p514taveqa
MD5

5704d6d6202873f6de59c63587109cf8
SHA1

5723f27158b3d44681a6f000bd376434370d28bc
SHA256

d648680e37f6dce7c4cd5bd386d12a5f670d20cb17481bee63f8a6efb530d147
SHA512

34e300d951019b9eb8489af7328ca4e189ef1558bc9646e831dae654abf988740e6cbcdef4a17cede7ebbec9f6fd3308b4acce7511001310d85d8b138668d054
SSDEEP

6144:rZ80IBKNac9MhPRjyMzwmueLxnBA15VEwbRp0uTBj:qb8N3MhZ5z9LxiJ0uT9

Score

10^/10

discovery persistence privilege_escalation

Malware Config

Targets

- Target
  
  dgsfdswdewfcsdfffffffff.exe
- Size
  
  374KB
- MD5
  
  5704d6d6202873f6de59c63587109cf8
- SHA1
  
  5723f27158b3d44681a6f000bd376434370d28bc
- SHA256
  
  d648680e37f6dce7c4cd5bd386d12a5f670d20cb17481bee63f8a6efb530d147
- SHA512
  
  34e300d951019b9eb8489af7328ca4e189ef1558bc9646e831dae654abf988740e6cbcdef4a17cede7ebbec9f6fd3308b4acce7511001310d85d8b138668d054
- SSDEEP
  
  6144:rZ80IBKNac9MhPRjyMzwmueLxnBA15VEwbRp0uTBj:qb8N3MhZ5z9LxiJ0uT9
Score

10^/10

discovery persistence privilege_escalation
- Modifies WinLogon for persistence
  persistence
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Accessibility Features

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Event Triggered Execution

Accessibility Features

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation