General
-
Target
Insta乗っ取り.exe
-
Size
12.8MB
-
Sample
241126-nz6lnszlfz
-
MD5
4c3ace9241d17ae64a93f313fb4392eb
-
SHA1
6f19e4994302965abfb6442c822072737c74f20e
-
SHA256
7f63a4a5b89d5e303a2af0ceafba3708543d058ece827856e3c0c147aa06c941
-
SHA512
f913ab2726661193a54e2b2750c96427d0cb4624aa415e2642fdb3fee5685d2c4053521e1ec47c08bd4aaf61290e46e5a918b30de65f95cad988f7797e8128a5
-
SSDEEP
196608:K4MYg6ZcRQPJcDpkPGnIeA842sIWk/PSF+FqzmFRE+jeqUf9XDLlh5e67Ueno7FU:K4VoRQP+DpkPW9q8qkRE+CquDJCbrJU
Static task
static1
Behavioral task
behavioral1
Sample
Insta乗っ取り.exe
Resource
win11-20241007-en
Malware Config
Targets
-
-
Target
Insta乗っ取り.exe
-
Modifies WinLogon for persistence
-
Blocks application from running via registry modification
Adds application to list of disallowed applications.
-
Disables Task Manager via registry modification
-
Possible privilege escalation attempt
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
File and Directory Permissions Modification: Windows File and Directory Permissions Modification
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Boot or Logon Autostart Execution: 1
Winlogon Helper DLL: 1