General
Target: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N
Size: 1.7MB
Sample: 241031-kynspatlhs
MD5: abc6d84e87c6cbb86464bdb5b034fa40
SHA1: e5930ff627f98c9f6159eb489f08bd6651573ea3
SHA256: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534
SHA512: 1f2186332228ec23c993d7812fe2d85d935234929081bbb746e8dcf979d57cf78370836e90106118478ffb91aa2e9c1288f574e16d1275602b77929f8671e173
SSDEEP: 24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPU:ssnxUp
Behavioral task: behavioral1
Sample: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N.exe
Resource: win10v2004-20241007-en
Malware Config

Targets
Target: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534N
Size: 1.7MB
MD5: abc6d84e87c6cbb86464bdb5b034fa40
SHA1: e5930ff627f98c9f6159eb489f08bd6651573ea3
SHA256: cd08587740b4b4abdca894183791a7ce1f572cde72417322087b2aa4646ed534
SHA512: 1f2186332228ec23c993d7812fe2d85d935234929081bbb746e8dcf979d57cf78370836e90106118478ffb91aa2e9c1288f574e16d1275602b77929f8671e173
SSDEEP: 24576:89SQXgnU56Gt4ULYVI8RGwvrK7/ckFLI78cPU:ssnxUp
Score: 10/10
Signatures
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Adds policy Run key to start application
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (4)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Privilege Escalation
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Boot or Logon Autostart Execution (4)
    Active Setup (1)
    Registry Run Keys / Startup Folder (2)
    Winlogon Helper DLL (1)
  Create or Modify System Process (1)
    Windows Service (1)
Defense Evasion
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (2)
    Disable or Modify System Firewall (1)
    Disable or Modify Tools (1)
  Modify Registry (7)