General
-
Target
37744ca563e2e3f58fe6b5e0b86dd2e0N.exe
-
Size
68KB
-
Sample
240820-qq281axhpn
-
MD5
37744ca563e2e3f58fe6b5e0b86dd2e0
-
SHA1
457c47e316bba4e474519a103c2e8b14c9392e37
-
SHA256
7d715914daed95fb645e49eb8b292c9ae22333b477644be26f0ce7724062312d
-
SHA512
754c0975841282ab83c6d1be6685dcedff8bd369536c61530897cfd0cd868c61e4455044e068c3b3023df13078502b19af06b080f435916c31f0dcea1c38079e
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8tV:Olg35GTslA5t3/w8tV
Malware Config
Targets
-
-
Target
37744ca563e2e3f58fe6b5e0b86dd2e0N.exe
-
Size
68KB
-
MD5
37744ca563e2e3f58fe6b5e0b86dd2e0
-
SHA1
457c47e316bba4e474519a103c2e8b14c9392e37
-
SHA256
7d715914daed95fb645e49eb8b292c9ae22333b477644be26f0ce7724062312d
-
SHA512
754c0975841282ab83c6d1be6685dcedff8bd369536c61530897cfd0cd868c61e4455044e068c3b3023df13078502b19af06b080f435916c31f0dcea1c38079e
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8tV:Olg35GTslA5t3/w8tV
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1