General
Target: gdifuncs.exe
Size: 5.0MB
Sample: 240929-x1zn7axbkk
MD5: a86ccbf36e5b7e3b1eebed0bb7642b05
SHA1: b0a9e18921c5d05db1a4cf5f4abf04b38fdebe2d
SHA256: c2055b6d1a4525614e476cd050a64cae479067647ee56f71832c5f97cfac651d
SHA512: 761cfff624a97a908eadbaf4fe9df56bf7f1093d260f5c8904ff4d47c6d4152f09232a4157e8139e090ff6aaf06d455a21e72170316340c56dd60049f99fb850
SSDEEP: 98304:/Qz+04D+i4DBz2NHlruSSDllNmd+5z/Le7q2:/QS04D+i4DZmLclKez/Lkq
Static task: static1
Behavioral task: behavioral1
Sample: gdifuncs.exe
Resource: win10v2004-20240802-en
Malware Config
Targets
Target: gdifuncs.exe
Size: 5.0MB
MD5: a86ccbf36e5b7e3b1eebed0bb7642b05
SHA1: b0a9e18921c5d05db1a4cf5f4abf04b38fdebe2d
SHA256: c2055b6d1a4525614e476cd050a64cae479067647ee56f71832c5f97cfac651d
SHA512: 761cfff624a97a908eadbaf4fe9df56bf7f1093d260f5c8904ff4d47c6d4152f09232a4157e8139e090ff6aaf06d455a21e72170316340c56dd60049f99fb850
SSDEEP: 98304:/Qz+04D+i4DBz2NHlruSSDllNmd+5z/Le7q2:/QS04D+i4DZmLclKez/Lkq
Score: 10/10
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Modifies file permissions
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
- Winlogon Helper DLL (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
- Bypass User Account Control (1)
- File and Directory Permissions Modification (1)
- Impair Defenses (1)
- Disable or Modify Tools (1)
- Modify Registry (3)