Task: task1; Resource: win7; 0 signatures
Task: task2; Resource: win10; 0 signatures
General
- Target: Exes_b93017f6a9ca17274861f865f069b975.exe
- Sample: 190903-ndr16jzc9n
- SHA256: 9f14545a75612f60f8133b5f2d5444dd016a5a7043b54041e386e8d3eaad6079
- Score: N/A
Signatures
- Suspicious use of SetWindowsHookEx
- Modifies security service (2 TTPs, 5 IoCs)

  Processes: Exes_b93017f6a9ca17274861f865f069b975.exe

  | at | description | ioc | process |
  |---|---|---|---|
  | 1671 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Set value (str) | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\AppData\Local\Temp\Exes_b93017f6a9ca17274861f865f069b975.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Exes_b93017f6a9ca17274861f865f069b975.exe:*:Enabled:@xpsp2res.dll,-22008"` | Exes_b93017f6a9ca17274861f865f069b975.exe |

- Modifies service (2 TTPs, 3 IoCs)

  Processes: Exes_b93017f6a9ca17274861f865f069b975.exe

  | at | description | ioc | process |
  |---|---|---|---|
  | 1671 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters` | Exes_b93017f6a9ca17274861f865f069b975.exe |
  | 1687 | Key created | `\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy` | Exes_b93017f6a9ca17274861f865f069b975.exe |
MITRE ATT&CK Enterprise v15
MITRE ATT&CK Additional techniques
- T1031