74ffbebf974d61015fde60ca615c71b5747d769896caf488b534949e98873202

General

Target

file.html.scr
Size

21KB
MD5

526c41c610a041009f1466f55b882063
SHA1

ff51ce695aa471ac5f482cae9d33db9928f12a94
SHA256

6889280387829eab8dc3210c6b8c7d88a19669f533ad75a078454214211df154
SHA512

abdd70d5dc9cd29d97e8824c606a940086a5ce54c525cb55a70dedae754eba2b520f1f637a12332e61a65d2accef9a8179d2efbefe1ed3a93ada091aebded628

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

file.html.scr

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	file.html.scr

Drops file in Program Files directory 64 IoCs

Processes:

file.html.scr

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\Kazaa Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Winamp 5.0 (en).com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\Harry Potter.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\index.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\Winamp 5.0 (en) Crack.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\Winamp 5.0 (en).ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\Winamp 5.0 (en).com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\Kazaa Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\Winamp 5.0 (en).ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ICQ 4 Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\Kazaa Lite.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Kazaa Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\Winamp 5.0 (en) Crack.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\ICQ 4 Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\Winamp 5.0 (en).com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\WinRAR.v.3.2.and.key.exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ICQ 4 Lite.exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\Harry Potter.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\index.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\Winamp 5.0 (en) Crack.exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\index.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\Harry Potter.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\index.ShareReactor.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\WinRAR.v.3.2.and.key.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\WinRAR.v.3.2.and.key.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ICQ 4 Lite.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\index.ShareReactor.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\Kazaa Lite.exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Winamp 5.0 (en) Crack.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\Winamp 5.0 (en) Crack.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\Kazaa Lite.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\Harry Potter.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\ICQ 4 Lite.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\VC\Kazaa Lite.ShareReactor.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\Winamp 5.0 (en).exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Harry Potter.exe	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\index.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\Harry Potter.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\Winamp 5.0 (en) Crack.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\Harry Potter.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\ICQ 4 Lite.com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WinRAR.v.3.2.and.key.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ICQ 4 Lite.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Winamp 5.0 (en) Crack.ShareReactor.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Winamp 5.0 (en).com	file.html.scr
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Kazaa Lite.exe	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Harry Potter.com	file.html.scr
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\ICQ 4 Lite.com	file.html.scr

Drops file in Windows directory 2 IoCs

Processes:

file.html.scr

description ioc process

File opened for modification C:\Windows\lsass.exe file.html.scr
File created C:\Windows\lsass.exe file.html.scr

description	ioc	process
File opened for modification	C:\Windows\lsass.exe	file.html.scr
File created	C:\Windows\lsass.exe	file.html.scr

C:\Users\Admin\AppData\Local\Temp\file.html.scr
"C:\Users\Admin\AppData\Local\Temp\file.html.scr" /S
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1776-59-0x0000000075C31000-0x0000000075C33000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing