Tasks: task1, task2
General
Target: Exes_dd8f071fcfb80b5473bc189d7ae19e5c.jpg
Sample: 190824-k2knn7jdzj
SHA256: 5a44a65204e80f8abc824cee0b02b8ada9c8b2651ccd49aeda32d4e2dbdf5106
Score: N/A
Note that the submitted target carries a .jpg extension; the sandbox nonetheless ran it and the signatures below are those of an executed Windows program, so the extension should not be trusted when triaging this sample.
Malware Config: none extracted
Signatures
- Suspicious use of UnmapMainImage (1 TTP)
- Adds Run entry to start application (2 TTPs, 2 IoCs)
  CreateKeyEx: \REGISTRY\USER\S-1-5-21-3740240129-2853759884-3633044100-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
  Set value: \REGISTRY\USER\S-1-5-21-3740240129-2853759884-3633044100-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""
  The value name copies the description of the legitimate csrss.exe ("Client Server Runtime Subsystem") and the file name copies its image name, but the image lives in the user-writable C:\ProgramData\Windows\ rather than %SystemRoot%\System32. This is user-level persistence (HKCU Run) by masquerading; the process name alone will not distinguish it from the real csrss.exe, the path will.
- Suspicious registry modification (1 IoC)
  \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\System32\Configuration\xVersion = "4.0.0.1"
  HKLM\SOFTWARE has no System32 subkey by default; this key was written through the 32-bit (Wow6432Node) view and is a marker left by the sample that can serve as a host-based IoC.
- Suspicious behavior: EnumeratesProcesses
- Loads dropped DLL (1 TTP; the report repeats this signature 20 times, once per load event, collapsed here)
- Drops file in system dir (1 IoC)
  C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6c-0\Microsoft.PowerShell.Diagnostics.Activities.dll
- Drops file in system dir (2 IoCs)
  C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4bc-0\System.Management.Automation.dll
  C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\ed18cbebc219551b9c8751127acc37ae\System.Management.Automation.ni.dll.aux.tmp
  These three paths are .NET native-image (NGEN) cache files for PowerShell assemblies, which the runtime generates when PowerShell is run on a machine that has not cached them yet. They show that PowerShell was invoked during the run; they are not payload files authored by the sample, and the "Drops file in system dir" hits should be read in that light.
Family: troldesh (also known as Shade ransomware)
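An added triage helper, not part of the sandbox report or of any vendor tooling, that parses the two registry IoC lines above in the report's own KEY\Value = "data" notation and applies the checks a responder would run on them: does a Run entry launch a core-process file name from outside %SystemRoot%\System32, does its value name copy a core-process description, does the image sit in a user-writable directory, and is a HKLM\SOFTWARE marker keyed under a system-directory name. The SYSTEM_ONLY table, the USER_WRITABLE prefixes and the SOFTWARE-subkey heuristic are assumptions of this example; the sample lines are the report's IoCs copied inline. On a live host the same functions can be fed value name/data pairs enumerated from the Run keys instead of report lines.

```python
import ntpath
import re

# Constructed sample input: the two registry IoC lines copied from the report above.
REPORT_IOCS = [
    r'\REGISTRY\USER\S-1-5-21-3740240129-2853759884-3633044100-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""',
    r'\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\System32\Configuration\xVersion = "4.0.0.1"',
]

# Assumption: core Windows binaries that legitimately run only from %SystemRoot%\System32,
# mapped to the description string file properties/Task Manager show for them, which
# malware reuses as a Run value name to blend in.
SYSTEM_ONLY = {
    "csrss.exe": "client server runtime subsystem",
    "smss.exe": "windows session manager",
    "lsass.exe": "local security authority process",
    "winlogon.exe": "windows logon application",
    "services.exe": "services and controller app",
    "wininit.exe": "windows start-up application",
}
SYSTEM32 = "c:\\windows\\system32"
# Assumption: directory markers a standard user can write to.
USER_WRITABLE = ("c:\\programdata", "c:\\users\\public", "\\appdata\\")


def parse_ioc(line):
    """Split a report line of the form KEY\\Value = "data" into (key, value_name, data).

    Inside the outer quotes the report escapes embedded quotes and backslashes C-style.
    """
    path, _, raw = line.partition(" = ")
    key, _, value_name = path.rpartition("\\")
    data = raw.strip()
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        data = re.sub(r"\\(.)", r"\1", data[1:-1])
    return key, value_name, data


def command_image(cmd):
    """Executable path from a Run value: the quoted path, or the first token if unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_run_entry(value_name, cmd):
    """Reasons a Run entry looks like masquerading persistence; empty list if none."""
    image = command_image(cmd)
    name = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    reasons = []
    if name in SYSTEM_ONLY and directory != SYSTEM32:
        reasons.append(f"{name} started from {directory}, not {SYSTEM32}")
    if value_name.lower() in SYSTEM_ONLY.values():
        reasons.append(f"value name {value_name!r} copies a core process description")
    if any(marker in directory + "\\" for marker in USER_WRITABLE):
        reasons.append("autostart image is in a user-writable directory")
    return reasons


def triage_report(lines):
    """Apply the checks to report IoC lines; returns {full value path: [reasons]} for hits."""
    findings = {}
    for line in lines:
        key, value_name, data = parse_ioc(line)
        low = key.lower()
        reasons = []
        if low.endswith("\\software\\microsoft\\windows\\currentversion\\run"):
            reasons += triage_run_entry(value_name, data)
        # Assumption: no legitimate product keys its configuration under a subkey
        # named after a system directory (System32) in HKLM\SOFTWARE.
        if low.startswith("\\registry\\machine\\software") and "\\system32\\" in low + "\\":
            reasons.append("SOFTWARE marker keyed under a system-directory name")
        if reasons:
            findings[key + "\\" + value_name] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage_report(REPORT_IOCS).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Both IoCs from the report produce findings: the Run entry on all three Run-entry checks, the xVersion value on the SOFTWARE-subkey heuristic. A Run entry that starts the real C:\Windows\System32\csrss.exe under an unrelated value name produces none, which is the distinction the masquerading check is meant to make.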