573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3

General

Target

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Size

1.1MB
MD5

be658b42988db5581647601aed6ee9b3
SHA1

7ae266af34b141369201fe5dc54812d6a135a310
SHA256

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3
SHA512

911e9639a327537960c2e393a812543c1f0f7b42b37b083e5bcae2ec65ab29e7f5e2399cb4e46da899ae8c7627b844a765e29f519a9ff1c7c4d65dcc4c82185e

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Key created	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2455352368-1077083310-2879168483-1000\Software\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

pid process

1988 573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

pid process

1988 573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

pid	process
1988	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
1988	573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe

C:\Users\Admin\AppData\Local\Temp\573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe
"C:\Users\Admin\AppData\Local\Temp\573e3ce4dcfe2a12a7e25d937ff537d6bde831a091637e27fdd86739016fc3c3.exe"
1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:1988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads