956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42

Analysis

max time kernel
150s
max time network
112s
platform
windows10_x64
resource
win10v20210410
submitted
16-06-2021 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Size

157KB
MD5

94f7c4c80eb1723977b6f31dbb0f1b3e
SHA1

a335b3ede802fdb1971b27eb1b3f0996e30237ab
SHA256

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
SHA512

a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

pid	Process
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

description	pid	Process	procid_target
PID 2256 wrote to memory of 808	2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	72
PID 2256 wrote to memory of 808	2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	72
PID 2256 wrote to memory of 808	2256	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	72

C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
"C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe"
1⤵
- Modifies Internet Explorer Protected Mode
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
  C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe --vwxyz
  2⤵
  PID:808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/808-114-0x0000000000000000-mapping.dmp

Download