General
-
Target
7add8297b3cdd95825211fef00ebf140N.exe
-
Size
70KB
-
Sample
240825-dd1s7avcqk
-
MD5
7add8297b3cdd95825211fef00ebf140
-
SHA1
379e2ddbddc7fe9de57e73efe0a45dcd7bb969ba
-
SHA256
943d8d06b557aeb7994e47ffd47fd725ae065f1415ddcd6f9f5abb1e4527a8af
-
SHA512
29b40100f15bf9231164a35da2b843b334c90e92ad71939a9e69d5ca8511167c1a08fd2257f104cf0bea41678bb2ab5cbe94a6decdafcde43dcc48166d849686
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8V6:Olg35GTslA5t3/w88
Malware Config
Targets
-
-
Target
7add8297b3cdd95825211fef00ebf140N.exe
-
Size
70KB
-
MD5
7add8297b3cdd95825211fef00ebf140
-
SHA1
379e2ddbddc7fe9de57e73efe0a45dcd7bb969ba
-
SHA256
943d8d06b557aeb7994e47ffd47fd725ae065f1415ddcd6f9f5abb1e4527a8af
-
SHA512
29b40100f15bf9231164a35da2b843b334c90e92ad71939a9e69d5ca8511167c1a08fd2257f104cf0bea41678bb2ab5cbe94a6decdafcde43dcc48166d849686
-
SSDEEP
1536:1teqKDlXvCDB04f5Gn/L8FlADNt3d1Hw8V6:Olg35GTslA5t3/w88
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1