Overview

overview

10

Static

static

3

3cd34bb967...0N.exe

windows7-x64

10

3cd34bb967...0N.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    3cd34bb967bcd31d3cef057f0a7842d0N.exe

  • Size

    91KB

  • Sample

    240824-1jpz7sshpj

  • MD5

    3cd34bb967bcd31d3cef057f0a7842d0

  • SHA1

    5261e8e38b4f6ebe3c0046933f2494f8d9950c99

  • SHA256

    1e2d8c806f65c554171d1f7c79715c705ef0234f81a696b6e4d263fdc1b0f350

  • SHA512

    6fcbd15747d8ccd3f4d6bf701dabb9ffff5ec5d36b3232ee57c015aed83d0a2a6b0f723e3454b5cce049e9ac4d8248ae468e03f53a113defea4a4c620d64c146

  • SSDEEP

    1536:1AwEmBT4JzRJwEeUW7f12xULgJzCAwEmBT4JzRJwEeUW7f12xULgJzRD:1Gml41LBu7f1WNCGml41LBu7f1WNRD

Score
10/10
discoveryevasionpersistence

Malware Config

Targets

    • Target

      3cd34bb967bcd31d3cef057f0a7842d0N.exe

    • Size

      91KB

    • MD5

      3cd34bb967bcd31d3cef057f0a7842d0

    • SHA1

      5261e8e38b4f6ebe3c0046933f2494f8d9950c99

    • SHA256

      1e2d8c806f65c554171d1f7c79715c705ef0234f81a696b6e4d263fdc1b0f350

    • SHA512

      6fcbd15747d8ccd3f4d6bf701dabb9ffff5ec5d36b3232ee57c015aed83d0a2a6b0f723e3454b5cce049e9ac4d8248ae468e03f53a113defea4a4c620d64c146

    • SSDEEP

      1536:1AwEmBT4JzRJwEeUW7f12xULgJzCAwEmBT4JzRJwEeUW7f12xULgJzRD:1Gml41LBu7f1WNCGml41LBu7f1WNRD

    Score
    10/10
    discoveryevasionpersistence

    • Modifies WinLogon for persistence

      persistence

    • Modifies visibility of file extensions in Explorer

      evasion

    • Modifies visiblity of hidden/system files in Explorer

      evasion

    • Disables RegEdit via registry modification

      evasion

    • Disables use of System Restore points

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Winlogon Helper DLL

1
T1547.004

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

6
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

1
T1490

Tasks