0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400 | Triage

Submit
Reports

Overview

overview

Static

static

3

0f3e338fb2...0N.exe

windows7-x64

0f3e338fb2...0N.exe

windows10-2004-x64

Sharing

General

Target

0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400N
Size

488KB
Sample

241014-ykawkaxarq
MD5

1cb6599d499046914145363734d37450
SHA1

a41ff53d0cda57de3caa7d0c4aa25b422498c0e3
SHA256

0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400
SHA512

50fb387b5f1c542844e884d73521d18d0da8ee91672704d4deec09c2e80be5abd85e8b8540937e26da9a3ebba0c11e474bbb8b1b85705ed5df58fb725f5f36c7
SSDEEP

12288:V/Ms/MP/Mx/M7/Mx/M4/MpBE/Mk/M2/M1:VPK2O2HIBEd7M

Score

10^/10

discovery evasion persistence

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400N.exe

Resource

win7-20240729-en

discovery evasion persistence

windows7-x64

28 signatures

120 seconds

Behavioral task

behavioral2

Sample

0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400N.exe

Resource

win10v2004-20241007-en

discovery evasion persistence

windows10-2004-x64

27 signatures

120 seconds

Malware Config

Targets

- Target
  
  0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400N
- Size
  
  488KB
- MD5
  
  1cb6599d499046914145363734d37450
- SHA1
  
  a41ff53d0cda57de3caa7d0c4aa25b422498c0e3
- SHA256
  
  0f3e338fb27e08a0b3c404f4635722047235bef8ac1d7adb8967942891195400
- SHA512
  
  50fb387b5f1c542844e884d73521d18d0da8ee91672704d4deec09c2e80be5abd85e8b8540937e26da9a3ebba0c11e474bbb8b1b85705ed5df58fb725f5f36c7
- SSDEEP
  
  12288:V/Ms/MP/Mx/M7/Mx/M4/MpBE/Mk/M2/M1:VPK2O2HIBEd7M
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.