4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63 | Triage

Submit
Reports

Overview

overview

Static

static

3

gdifuncs.exe

windows11-21h2-x64

Sharing

General

Target

gdifuncs.exe
Size

120KB
Sample

240625-ajbvgatakq
MD5

e254e9598ee638c01e5ccc40e604938b
SHA1

541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d
SHA256

4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63
SHA512

92f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb
SSDEEP

1536:DKOz5I1MSx56Hj2UItX85ljPQIe9RoSbGF4q2L6OBIyHwPSYxLanv9QD2i:vteMSMHj/rj1SbGFl2L6CIIw5gv9Qy

Score

10^/10

discovery evasion exploit persistence trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

gdifuncs.exe

Resource

win11-20240508-en

discovery evasion exploit persistence trojan

windows11-21h2-x64

15 signatures

300 seconds

Malware Config

Targets

- Target
  
  gdifuncs.exe
- Size
  
  120KB
- MD5
  
  e254e9598ee638c01e5ccc40e604938b
- SHA1
  
  541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d
- SHA256
  
  4040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63
- SHA512
  
  92f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb
- SSDEEP
  
  1536:DKOz5I1MSx56Hj2UItX85ljPQIe9RoSbGF4q2L6OBIyHwPSYxLanv9QD2i:vteMSMHj/rj1SbGFl2L6CIIw5gv9Qy
Score

10^/10

discovery evasion exploit persistence trojan
- Modifies WinLogon for persistence
  persistence
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Modify Registry

Abuse Elevation Control Mechanism

Bypass User Account Control

Impair Defenses

Disable or Modify Tools

File and Directory Permissions Modification

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryevasionexploitpersistencetrojan

© 2018-2024

Terms | Privacy