a3f0540bdba7548e3dd358dc3f1e500c49a932a367b869eb6d9c23a0b3aa971e | Triage

Sharing

General

Target

a3f0540bdba7548e3dd358dc3f1e500c49a932a367b869eb6d9c23a0b3aa971e
Size

606KB
Sample

240829-vh4t3stflk
MD5

755eb8b506abca0775abfecac004511c
SHA1

94755934eb50b64d3c38d3f480013a5e79fe2fa3
SHA256

a3f0540bdba7548e3dd358dc3f1e500c49a932a367b869eb6d9c23a0b3aa971e
SHA512

8475dca65e46b8d5a783eee62de4ad8e8230b8dc15b93943b7bf62263aa067d3491fc02731bc795c5ab9f9169036dec6bc083422a2d9575413b0d16dabd09562
SSDEEP

6144:1x88WAnqSpA55bOqmTvK7lmSqEmrV5e6VlWT8b93LeLk0FouiaMrLbHq1hyrMtJ0:168WAn2y5PVle81pMMrnfNTMlk

Score

10^/10

persistence privilege_escalation

Malware Config

Targets

- Target
  
  a3f0540bdba7548e3dd358dc3f1e500c49a932a367b869eb6d9c23a0b3aa971e
- Size
  
  606KB
- MD5
  
  755eb8b506abca0775abfecac004511c
- SHA1
  
  94755934eb50b64d3c38d3f480013a5e79fe2fa3
- SHA256
  
  a3f0540bdba7548e3dd358dc3f1e500c49a932a367b869eb6d9c23a0b3aa971e
- SHA512
  
  8475dca65e46b8d5a783eee62de4ad8e8230b8dc15b93943b7bf62263aa067d3491fc02731bc795c5ab9f9169036dec6bc083422a2d9575413b0d16dabd09562
- SSDEEP
  
  6144:1x88WAnqSpA55bOqmTvK7lmSqEmrV5e6VlWT8b93LeLk0FouiaMrLbHq1hyrMtJ0:168WAn2y5PVle81pMMrnfNTMlk
Score

10^/10

persistence privilege_escalation
- Modifies WinLogon for persistence
  persistence
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

AppInit DLLs

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalation

behavioral2

persistenceprivilege_escalation