d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22

General

Target

d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe
Size

10.7MB
MD5

041ad9836e262c58ec636464f2157a12
SHA1

0f1b0d78c3678ed0d8786630b9fb0ebdad877c57
SHA256

d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22
SHA512

dea2f59c2cf73d0ff29fa4bd4280ac38b8d2658ed616f739f06a05e746a386369fd6349e5f1f5d9ce180a5e1af76959da5b278321b3cda3d35cdc556cf09fb27

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe

C:\Users\Admin\AppData\Local\Temp\d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe
"C:\Users\Admin\AppData\Local\Temp\d730c418e87faaa873c3abe1e974aa0ee05a106c296727e24e143d509655dd22.exe"
1⤵
- Modifies system certificate store
PID:308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/308-0-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/308-1-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/308-2-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/308-3-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download

Analysis

Sharing