General
-
Target
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3N.exe
-
Size
55KB
-
Sample
241113-j2m5ws1ncm
-
MD5
0b2c378b1f320428aac0f117470e20e0
-
SHA1
436e3ee0581c2cd94b9727b66cfea6b603a1fccd
-
SHA256
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3
-
SHA512
0627e93b3f1c204c2754b34ace2e12134d3e774fd9e15d2eea4789cd6dcdf5b20857eba5aa972f65f229ca9b9e2e49b204c693daf5d1df0586f4f98b832c55be
-
SSDEEP
1536:61SdpUqvpSoj3UQWf81J195mdwnouy8w:61Sd9nUQWQaWout
Static task
static1
Behavioral task
behavioral1
Sample
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3N.exe
-
Size
55KB
-
MD5
0b2c378b1f320428aac0f117470e20e0
-
SHA1
436e3ee0581c2cd94b9727b66cfea6b603a1fccd
-
SHA256
32a11072752fb0093b0bdcfb770c24e39f585adde55fc7fcf481a9bb32cd31d3
-
SHA512
0627e93b3f1c204c2754b34ace2e12134d3e774fd9e15d2eea4789cd6dcdf5b20857eba5aa972f65f229ca9b9e2e49b204c693daf5d1df0586f4f98b832c55be
-
SSDEEP
1536:61SdpUqvpSoj3UQWf81J195mdwnouy8w:61Sd9nUQWQaWout
Score10/10-
Modifies WinLogon for persistence
-
Modifies visibility of file extensions in Explorer
-
Modifies visiblity of hidden/system files in Explorer
-
Disables RegEdit via registry modification
-
Disables use of System Restore points
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
1Winlogon Helper DLL
1Event Triggered Execution
2Change Default File Association
1Image File Execution Options Injection
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
2Hidden Files and Directories
2Impair Defenses
1Disable or Modify Tools
1Modify Registry
8