7a890a283feb9481f3ac02270b8dbb2f28fd734cc6074332fe9ef443b02c8aff

Analysis

max time kernel
147s
max time network
139s
platform
windows7_x64
resource
win7-en
submitted
06-09-2021 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
Size

157KB
MD5

a665ab97bfef87862973bde1bf003a64
SHA1

9be4bde1b4d9c627248f6e23335304f63bbb4cf0
SHA256

7a890a283feb9481f3ac02270b8dbb2f28fd734cc6074332fe9ef443b02c8aff
SHA512

ab43827f6fcd17689108020a1908a2818e4753dcee2209d401fc056f29549abec7e8dfca1eff6bff4987427b002b868ca1e04b9a8c47280304a502fdb7ddff2d

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1669990088-476967504-438132596-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 1768	1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe	26
PID 1032 wrote to memory of 1768	1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe	26
PID 1032 wrote to memory of 1768	1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe	26
PID 1032 wrote to memory of 1768	1032	956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe	26

C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
"C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe"
1⤵
- Modifies Internet Explorer Protected Mode
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe
  C:\Users\Admin\AppData\Local\Temp\956bf1e9f894c0ec5e25bcb7d02273d968620fef9916428760e1feb579b23a42_nocheck.exe --vwxyz
  2⤵
  PID:1768

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-53-0x0000000075B51000-0x0000000075B53000-memory.dmp

Filesize
8KB

Download