60fd2a7221bdb61fd1722ccd517f942a1df2ffa7800863f5aced66a51d91a6e3 | Triage

Sharing

General

Target

60fd2a7221bdb61fd1722ccd517f942a1df2ffa7800863f5aced66a51d91a6e3
Size

48KB
Sample

241004-2fkfzszdqk
MD5

10267964dc757361b4f214b0100779e9
SHA1

f04e741a0a48adf47bcb08219c7a72849d399011
SHA256

60fd2a7221bdb61fd1722ccd517f942a1df2ffa7800863f5aced66a51d91a6e3
SHA512

feaafa6e20eb091a7259b6fa875100f0b84059682bf73e1d8f54aa1a5c4394fb4180ac2e9df147f2a8f02e71f92305061a508e852627f8cff539db7cf9b6da13
SSDEEP

768:U71FFoJ8E/wG6B0oPy29B8WtBgfSSHu0e124u:U71FFoJLfa66tsS+0Bu

Score

10^/10

discovery persistence

Malware Config

Targets

- Target
  
  60fd2a7221bdb61fd1722ccd517f942a1df2ffa7800863f5aced66a51d91a6e3
- Size
  
  48KB
- MD5
  
  10267964dc757361b4f214b0100779e9
- SHA1
  
  f04e741a0a48adf47bcb08219c7a72849d399011
- SHA256
  
  60fd2a7221bdb61fd1722ccd517f942a1df2ffa7800863f5aced66a51d91a6e3
- SHA512
  
  feaafa6e20eb091a7259b6fa875100f0b84059682bf73e1d8f54aa1a5c4394fb4180ac2e9df147f2a8f02e71f92305061a508e852627f8cff539db7cf9b6da13
- SSDEEP
  
  768:U71FFoJ8E/wG6B0oPy29B8WtBgfSSHu0e124u:U71FFoJLfa66tsS+0Bu
Score

10^/10

discovery persistence
- Modifies WinLogon for persistence
  persistence
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Modifies WinLogon
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence