Overview

overview

8

Static

static

8

080d08c313...e9.exe

windows7_x64

6

080d08c313...e9.exe

windows10_x64

6

Analysis

  • max time kernel
    51s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    08-11-2020 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    080d08c313d734957783069a36fcab4160ab9ae212b861ba8b0d241d07777be9.exe

  • Size

    52KB

  • MD5

    950449f7a3f9040c2326ddcc73776b5e

  • SHA1

    b1045033d3ef88c60aad4c128a6292820258cadf

  • SHA256

    080d08c313d734957783069a36fcab4160ab9ae212b861ba8b0d241d07777be9

  • SHA512

    90433ef9539495ef4de10420c12d8cfae511db057957a869f72cc5a8fff0bcf9ff3a08cd2afd2389f30d7b3a10bd6561e4e602b470f8e47072568f51acbd5755

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\080d08c313d734957783069a36fcab4160ab9ae212b861ba8b0d241d07777be9.exe
    "C:\Users\Admin\AppData\Local\Temp\080d08c313d734957783069a36fcab4160ab9ae212b861ba8b0d241d07777be9.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1684

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads