092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148

General

Target

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Size

439KB
MD5

b5daa3b925cb74ea37996a00371c05b7
SHA1

64c048cb54d162241dd51c74ab31edb4f29271d9
SHA256

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148
SHA512

cd06fb5458183ce4a7c31f636d4e36a5482e221756617e3ff6f9ad5ccda514d09dfeb461fd4ffbe774704bf75bf3a0b487cf332735cbe8ff44550bb18158cdb2

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VLXHCMT5KJ = "C:\\Users\\Admin\\AppData\\Roaming\\AG58FPQON.exe"	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Run	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

pid process

808 092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

pid process

808 092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

pid	process
808	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
808	092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe

C:\Users\Admin\AppData\Local\Temp\092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe
"C:\Users\Admin\AppData\Local\Temp\092b93f2124d076a2b05cb7e1f8eaef57a65ffe29ac71f676d7d0e5191cb4148.exe"
1⤵
- Adds policy Run key to start application
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads