General
-
Target
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add
-
Size
52KB
-
Sample
241104-13mzysyfjr
-
MD5
ba8afb71380cde860f2984b7dfe784dc
-
SHA1
143276cf5c6ce3d6070714c4b3afcd4b0e392adf
-
SHA256
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add
-
SHA512
7194cac449cf5cc2ed3774695902b5821710cba83b4801669f1589d295fc23b9941d89da0e4714968462880562896cd60a5a2115f14fd60e3661e5a327243493
-
SSDEEP
1536:dU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:dRhlARSOsdwD/98out
Static task
static1
Behavioral task
behavioral1
Sample
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add
-
Size
52KB
-
MD5
ba8afb71380cde860f2984b7dfe784dc
-
SHA1
143276cf5c6ce3d6070714c4b3afcd4b0e392adf
-
SHA256
4a081f5e3e7223fca984d8c6e98a250856d3029c761a9cc21bdbbffa7b199add
-
SHA512
7194cac449cf5cc2ed3774695902b5821710cba83b4801669f1589d295fc23b9941d89da0e4714968462880562896cd60a5a2115f14fd60e3661e5a327243493
-
SSDEEP
1536:dU6JhlQvW4R8ZDW2OsdCj7VhJ/YY5rInouy8r:dRhlARSOsdwD/98out
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
8