956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42

General

Target

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Size

157KB
MD5

94f7c4c80eb1723977b6f31dbb0f1b3e
SHA1

a335b3ede802fdb1971b27eb1b3f0996e30237ab
SHA256

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42
SHA512

a25788f6ad990a6c9ae1b0f36a07849e9aadb8283fe5e2385f4686f6d7a3f459c0162c09ce5ff2e831202fc8995143b5cf5f5597d249a3b78afa84a96702e347

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

pid	process
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

description	pid	process	target process
PID 664 wrote to memory of 1960	664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
PID 664 wrote to memory of 1960	664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
PID 664 wrote to memory of 1960	664	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe

C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
"C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe"
1⤵
- Modifies Internet Explorer Protected Mode
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:664
- C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe
  C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42.exe --vwxyz
  2⤵
  PID:1960

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1960-114-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads