d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a

General

Target

d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe
Size

10.7MB
MD5

07b1807952b47a8f9c58f9e8d4f59b23
SHA1

26010b7b15d70c7b68a197d22d6b4688920b8e8c
SHA256

d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a
SHA512

e6676b8bf152eeb9958306f705bd067b2707e8fb6308fb302e746262987a071743244ad684dd478be0550f6f01f6999dcbe69402143fd312293896eae0543af6

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe

C:\Users\Admin\AppData\Local\Temp\d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe
"C:\Users\Admin\AppData\Local\Temp\d1cc10291920bd8b81b958289b991a59de6e9e94dd4ef727ee5dd70842c8757a.exe"
1⤵
- Modifies system certificate store
PID:2028

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2028-0-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/2028-1-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/2028-2-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download
memory/2028-3-0x0000000000400000-0x00000000010B2000-memory.dmp

Filesize
12.7MB

Download

Analysis

Sharing