General
-
Target
f5c09930dd903d6134a3d896827c7605689972468042dd429c6f1ea6172361ab
-
Size
36KB
-
Sample
241121-pxgp7s1hke
-
MD5
1e7e657e12560c3b7d950001a38cc8b1
-
SHA1
675d1cce2c0125f37871faa9dccc423f72a9a882
-
SHA256
f5c09930dd903d6134a3d896827c7605689972468042dd429c6f1ea6172361ab
-
SHA512
a41e1b7ec27b74fc5ae6a6057d1cf56ebf658bfccecc7e0cfd68b9aa1d36b9141f0765d612b7f367f5f5e74d4964c3323c7f3a05cd7eb728cadb9387cd836abb
-
SSDEEP
768:sIUmhCfRKfmrEhjR2cS5fzWbAGO8azppk9SNKGCc:sAhCZKfmrqjRu5fibAF8qYSNKhc
Malware Config
Targets
-
-
Target
f5c09930dd903d6134a3d896827c7605689972468042dd429c6f1ea6172361ab
-
Size
36KB
-
MD5
1e7e657e12560c3b7d950001a38cc8b1
-
SHA1
675d1cce2c0125f37871faa9dccc423f72a9a882
-
SHA256
f5c09930dd903d6134a3d896827c7605689972468042dd429c6f1ea6172361ab
-
SHA512
a41e1b7ec27b74fc5ae6a6057d1cf56ebf658bfccecc7e0cfd68b9aa1d36b9141f0765d612b7f367f5f5e74d4964c3323c7f3a05cd7eb728cadb9387cd836abb
-
SSDEEP
768:sIUmhCfRKfmrEhjR2cS5fzWbAGO8azppk9SNKGCc:sAhCZKfmrqjRu5fibAF8qYSNKhc
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1