General
-
Target
382c44b44245ca54d60ef6251edaaab3137d84ad28d4af9c6858dc66f61e5555N.exe
-
Size
23KB
-
Sample
250120-k7hm2aslfr
-
MD5
929ae0392d8810d37a426cf63a0a80d0
-
SHA1
b52af2c2a54014f6bffc68b9897da851c183eaa2
-
SHA256
382c44b44245ca54d60ef6251edaaab3137d84ad28d4af9c6858dc66f61e5555
-
SHA512
6f381c36d60a90ab35ad4baf1b246c4e6093431e0645e6737bd62ca72afc2d79f82b5331931aa618694a462acef7ba229be8c7604e4f85520e0a9eefdba374f9
-
SSDEEP
384:UBWoC5GDr6wc/w3HgM6vDUTAXBGCVf4WVlFvXk284ExLO:rRkiLw3HsDSARGG/+4ExLO
Behavioral task
behavioral1
Sample
382c44b44245ca54d60ef6251edaaab3137d84ad28d4af9c6858dc66f61e5555N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
382c44b44245ca54d60ef6251edaaab3137d84ad28d4af9c6858dc66f61e5555N.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
382c44b44245ca54d60ef6251edaaab3137d84ad28d4af9c6858dc66f61e5555N.exe
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory
-
Event Triggered Execution: Image File Execution Options Injection
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies WinLogon
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (2)
Active Setup (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Boot or Logon Autostart Execution (2)
Active Setup (1)
Winlogon Helper DLL (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)