ab83d0aa6a9db035e8ad1d885ffaec95be2c54ede29aaea31bd35e7b9459eaa9 | Triage

Analysis

max time kernel
2s
max time network
8s
platform
windows7_x64
resource
win7v20210410
submitted
16-04-2021 03:26

Sharing

Report Analysis Logs

General

Target

AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Size

14.9MB
MD5

9dee1357e73bf18ca611e1b0d758435b
SHA1

aeddcc6022b2f1efdb2b65a558ca930c4b7cbb65
SHA256

ab83d0aa6a9db035e8ad1d885ffaec95be2c54ede29aaea31bd35e7b9459eaa9
SHA512

91feb26965514c1e5ad473460bf807ec1459e6e9f02b07f7720a81fdaf3ba0c67592beb25e86fa158a4df67f388d27733c9a7d32e5027a104559bf82753d30aa

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

Processes:

AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

Modifies data under HKEY_USERS 6 IoCs

Processes:

AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exeAB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

pid process

1888 AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
1368 AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe

C:\Users\Admin\AppData\Local\Temp\AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
"C:\Users\Admin\AppData\Local\Temp\AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1888

C:\Users\Admin\AppData\Local\Temp\AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
C:\Users\Admin\AppData\Local\Temp\AB83D0AA6A9DB035E8AD1D885FFAEC95BE2C54EDE29AA.exe
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1368

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1368-63-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1888-60-0x0000000075161000-0x0000000075163000-memory.dmp

Filesize
8KB

Download
memory/1888-62-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download