General
Target: personalize.exe
Size: 832KB
Sample: 240630-q76bzsscqq
MD5: 3780f9b91fde991c40386927dae15096
SHA1: 0ac6c6284751dd0bac7d58714f899c16da63256a
SHA256: 8fdbf406fc7490ac24b4c5f61a4b868bd1c892f5ccc4817ec306a8ec9f70e3d7
SHA512: f5fcba684cb2b4d8c6000649140e693d1589e7f42cccbd9592d82d4c3c2c2cb635f3c851bdb2c95aa0bb8ed7872c9b6a55d7dec4734ca2da429b257e41246e2c
SSDEEP: 24576:StA4KdTxn+SoA/baP35yfbSLF2aYVlHvAclDJDb:jdTlzV+P35yfsFI3vAclxb
Static task: static1
Behavioral task: behavioral1
Sample: personalize.exe
Resource: win11-20240508-en
Malware Config
Targets
Target: personalize.exe (832KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Modifies boot configuration data using bcdedit
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Modifies file permissions
- Adds Run key to start application
- File and Directory Permissions Modification: Windows File and Directory Permissions Modification
- Drops file in System32 directory
- Sets desktop wallpaper using registry
MITRE ATT&CK Matrix (ATT&CK v13)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (3)
- Hide Artifacts (2)
  - Hidden Files and Directories (2)
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)