Overview

overview

10

Static

static

3

MfW10_Fix_...om.dll

windows11-21h2-x64

MfW10_Fix_...er.exe

windows11-21h2-x64

Resubmissions

28/03/2025, 20:09

250328-yxltlasmy3 10

28/03/2025, 19:54

250328-ym1vrszzhy 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MfW10_Fix_Repair_UWP_V2_Generic.zip

  • Size

    3.5MB

  • Sample

    250328-yxltlasmy3

  • MD5

    a7ee4902dd807e25aba2448688553d0b

  • SHA1

    9f5be24bee398c49b2bfc411dfcd666a3932c7fc

  • SHA256

    cbfbec1a1000c8f26e8571ee40149181769b7b3e726a106ca0873395ff60b0f7

  • SHA512

    f3e06bfbb064b2ef36421d9ea70e0f1a9c06326a0a46d75b4435b75d48dbd8658b806cacd228ef58e01b516fe2204f7a4f384c573b8db521a7875df5b7031c8f

  • SSDEEP

    98304:PUfhipI9WtXfoZNk0Zs3YAJW+y4sxG59Z:+iphlP0ZsoAJXsxG5D

Score
10/10
defense_evasiondiscoverypersistenceransomwaretrojan

Malware Config

Targets

    • Target

      MfW10_Fix_Repair_UWP_V2_Generic/Custom.dll

    • Size

      3.6MB

    • MD5

      28c87bb3b0a5ca2c9808e83993c3da03

    • SHA1

      babdb64f468b6893b7798a166d484f1926ec599a

    • SHA256

      c53e2fe707e0a58286c0ca7e15988c7e07a5c6609744465d5099131d115d4a3d

    • SHA512

      106dfbded22dae2f0d10655ae555e9e7fbe5f5aa28f38a01879ee898dba3e7f7ccd5658d8670f5b1f922e3cd2a2a90d6d9c557f95da239ceb7b4cfe65508999c

    • SSDEEP

      98304:5tqYopU5sN4sxMFCh2+cGjeQTBTb6rJBy7ZA9p:5tqYopzeS1hF56rJBy7O

    Score
    10/10
    defense_evasiondiscoverypersistenceransomwaretrojan
    behavioral1

    • Target

      MfW10_Fix_Repair_UWP_V2_Generic/Launcher.exe

    • Size

      347KB

    • MD5

      0d99a45748e44931d02fb41e9109e75f

    • SHA1

      bd0663ac151d9ae98775f09cfd8474ba6eaf0c4c

    • SHA256

      af297a03aa02c3f3f77ab8c61d9e89f952c7ee41e646d6a93a0e2f050eb7c81f

    • SHA512

      94b26a2347dce07002cb7a984c46005b7e5094f822f919c9045404181479a736bb86d9a04ac3277c4c98fe08e6466e412bd3232d4273f5371bc5e3456860eb1d

    • SSDEEP

      6144:XUMx/y5qZuafofZMfwZj7CKIbohmTvI8+Z8xgBSl:EK8VfwwZjYboJ7Zno

    Score
    10/10
    defense_evasiondiscoverypersistenceransomwaretrojan

    • Modifies WinLogon for persistence

      persistence

    • UAC bypass

      defense_evasiontrojan

    • Disables RegEdit via registry modification

      defense_evasion

    • Downloads MZ/PE file

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      defense_evasion

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Sets desktop wallpaper using registry

      ransomware
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Boot or Logon Autostart Execution

2
T1547

Winlogon Helper DLL

2
T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

6
T1112

Subvert Trust Controls

1
T1553

SIP and Trust Provider Hijacking

1
T1553.003

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Defacement

1
T1491

Tasks