General
-
Target
646f0410180fb0bb7ff882e0ec3d33dbc529c41e49282db85bd20b7676aa8000N.exe
-
Size
88KB
-
Sample
241130-fx3s1aynbm
-
MD5
61616fda06b8daf259c0a121d1789d70
-
SHA1
a624a79c505c9d4cd3ee6a9b2eac31e76b5b2240
-
SHA256
646f0410180fb0bb7ff882e0ec3d33dbc529c41e49282db85bd20b7676aa8000
-
SHA512
e2c0a636097650ba6f208f3f25fec2add4c283ef35568a10066eb632e5fe2ec8894da99e17a1be562884705cc9f1813f9354bea843b752499253742231d17b0f
-
SSDEEP
768:sIUdWE7LeTqm+63K5a+gN2blw01sZoy4/naT8cIRMtZtUFjHLJgWiEEDZWGxLXle:sJ7LEq6OHg7ro/CQPipwgWiEwgql9Kj
Malware Config
Targets
-
-
Target
646f0410180fb0bb7ff882e0ec3d33dbc529c41e49282db85bd20b7676aa8000N.exe
-
Size
88KB
-
MD5
61616fda06b8daf259c0a121d1789d70
-
SHA1
a624a79c505c9d4cd3ee6a9b2eac31e76b5b2240
-
SHA256
646f0410180fb0bb7ff882e0ec3d33dbc529c41e49282db85bd20b7676aa8000
-
SHA512
e2c0a636097650ba6f208f3f25fec2add4c283ef35568a10066eb632e5fe2ec8894da99e17a1be562884705cc9f1813f9354bea843b752499253742231d17b0f
-
SSDEEP
768:sIUdWE7LeTqm+63K5a+gN2blw01sZoy4/naT8cIRMtZtUFjHLJgWiEEDZWGxLXle:sJ7LEq6OHg7ro/CQPipwgWiEwgql9Kj
Score10/10-
Windows security bypass
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Indicator Removal: Clear Persistence
remove IFEO.
-
Modifies WinLogon
-
Drops file in System32 directory
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Winlogon Helper DLL
1Event Triggered Execution
1Image File Execution Options Injection
1