8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c

Analysis

max time kernel
88s
max time network
83s
platform
windows7_x64
resource
win7v200430
submitted
07/07/2020, 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eSlipgqm.exe
Size

913KB
MD5

643d8efc8b76e065a277f18e31c22789
SHA1

402e6c201ce14042b7c70bbf733a95119d23cc87
SHA256

8f787ad8df4ea3ee0c0940cf5170cccffa5c5783f065b89581de06c53a20b30c
SHA512

3427a7fca23990c8ccbd3e638c5ffbd4b6ad7e811e22db9d9596b563d82c676a8743119428a971a2835a8d2e5e8746a358e6be89bc0642f11f5317b0734b2735

Score

6^/10

persistence

Malware Config

Signatures

Adds Run entry to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\eSlip = "C:\\Users\\Admin\\AppData\\Local\\eSlip\\eSlip.hta"	eSlipgqm.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\eSlipgqm.exe
"C:\Users\Admin\AppData\Local\Temp\eSlipgqm.exe"
1⤵
- Adds Run entry to start application
PID:1296

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...