956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42

Analysis

max time kernel
151s
max time network
140s
platform
windows7_x64
resource
win7-en
submitted
06-09-2021 13:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Size

157KB
MD5

94f7c4c80eb1723977b6f31dbb0f1b3e
SHA1

a335b3ede802fdb1971b27eb1b3f0996e30237ab
SHA256

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
SHA512

a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1536	1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	26
PID 1996 wrote to memory of 1536	1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	26
PID 1996 wrote to memory of 1536	1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	26
PID 1996 wrote to memory of 1536	1996	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	26

C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
"C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe"
1⤵
- Modifies Internet Explorer Protected Mode
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
  C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe --vwxyz
  2⤵
  PID:1536

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1996-52-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download