e23f2e452ca27e821ed6ce386e1e7d5996be52edc1ce678e80ff2aad0edfb30e

Analysis

max time kernel
60s

Sharing

Copy URL

Twitter E-mail

General

Target

Exes_3b8bc9110753815fdcbdb6aecb0f92fa.exe
Sample

190812-nxtm5f8wkx
SHA256

e23f2e452ca27e821ed6ce386e1e7d5996be52edc1ce678e80ff2aad0edfb30e

Score

N/A

Malware Config

Signatures

Suspicious registry modification 26 IoCs

description
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\EnableConsoleTracing = "0"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\EnableFileTracing = "0"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\EnableConsoleTracing = "0"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\FileTracingMask = "4294901760"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\ConsoleTracingMask = "4294901760"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\MaxFileSize = "1048576"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASAPI32\FileDirectory = "%windir%\\tracing"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\EnableFileTracing = "0"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\EnableConsoleTracing = "0"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\FileTracingMask = "4294901760"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\ConsoleTracingMask = "4294901760"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\MaxFileSize = "1048576"
\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Exes_3b8bc9110753815fdcbdb6aecb0f92fa_RASMANCS\FileDirectory = "%windir%\\tracing"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000003000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BCA7E43A-7881-42F7-95CC-4CE3D73FB125}\WpadDecisionReason = "1"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BCA7E43A-7881-42F7-95CC-4CE3D73FB125}\WpadDecisionTime = 405676435051d501
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BCA7E43A-7881-42F7-95CC-4CE3D73FB125}\WpadDecision = "3"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{BCA7E43A-7881-42F7-95CC-4CE3D73FB125}\WpadNetworkName = "Network"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-15-75-ab-17-7c\WpadDecisionReason = "1"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-15-75-ab-17-7c\WpadDecisionTime = 405676435051d501
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0e-15-75-ab-17-7c\WpadDecision = "3"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 460000000300000009000000000000000000000000000000040000000000000060fe67435051d501000000000000000000000000020000001700000000000000fe800000000000001c710b0f018387bf0b00000000000000a4116d7678666d7670308472d90600000100000000000000000000000000000040000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork = "{BCA7E43A-7881-42F7-95CC-4CE3D73FB125}"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"
\REGISTRY\USER\S-1-5-21-2407604620-1456373808-453316147-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"

Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129
Loads dropped DLL 1 TTPs

Shared Modules
T1129

Analysis

Sharing

General

Malware Config

Signatures

Processes