90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0

Analysis

max time kernel
134s
max time network
137s
platform
windows10_x64
resource
win10
submitted
10-07-2020 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payment_details.exe
Size

1.5MB
MD5

c0418cf3c3252f74c1fb01e273c1fb12
SHA1

0dda517deda93a3fd0657284857d001ad8572d43
SHA256

90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0
SHA512

4f4ef54cc3380234330c8962cc97913782dac7bd948e50a32501c84d493ff923796ac1822b6e5ba0465f0903f4d221af0fb9bf92595165df78f68937158cd1bc

Score

6^/10

persistence

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Payment_details.exe

description	pid	process	target process
PID 792 wrote to memory of 3000	792	Payment_details.exe	ieinstal.exe
PID 792 wrote to memory of 3000	792	Payment_details.exe	ieinstal.exe
PID 792 wrote to memory of 3000	792	Payment_details.exe	ieinstal.exe

Adds Run entry to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Payment_details.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Gkrr = "C:\\Users\\Admin\\AppData\\Local\\Gkrr\\Gkrr.hta"	Payment_details.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

C:\Users\Admin\AppData\Local\Temp\Payment_details.exe
"C:\Users\Admin\AppData\Local\Temp\Payment_details.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Adds Run entry to start application
PID:792

C:\Program Files (x86)\internet explorer\ieinstal.exe
"C:\Program Files (x86)\internet explorer\ieinstal.exe"
2⤵
PID:3000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads