d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd

Analysis

max time kernel
148s
max time network
117s
platform
windows7_x64
resource
win7-en-20211208
submitted
22-01-2022 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe
Size

825KB
MD5

aafdee89db0e8f4c4010582e8fcc2569
SHA1

bd5ffc93217fc49b1ef922cd2818a6d3bee4b66c
SHA256

d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd
SHA512

7c97644288e5d65d9d65c72943d0a4405acf558742fb494dbff173e452340087044b632ca986f260a416ab31579eb2fcf5b08ef437a66a9d72d1b8ccfcabc12e

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\Software\Microsoft\Windows\CurrentVersion\Run\AdobePDF = "\"C:\\Program Files (x86)\\PDF\\PDF.exe\" -a /a"	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\AdobePDF = "\"C:\\Program Files (x86)\\PDF\\PDF.exe\" -a /a"	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PDF\PDF.exe	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe
File opened for modification	C:\Program Files (x86)\PDF\PDF.exe	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1620	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1620	d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe

C:\Users\Admin\AppData\Local\Temp\d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe
"C:\Users\Admin\AppData\Local\Temp\d8692eee5da95946cd60b044149febc180fd04f33427c22e596f1a3496fb46fd.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1620-54-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-56-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-57-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-58-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-59-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-60-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-61-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/1620-62-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download
memory/1620-63-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-64-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-65-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-66-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-67-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-71-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-70-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-69-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-74-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-73-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-72-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/1620-68-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-75-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-76-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-77-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-78-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-79-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-80-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-81-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-82-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-83-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-84-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-90-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-91-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-89-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-88-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-87-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-86-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-85-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-93-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-92-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-94-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-97-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-96-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-99-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-100-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-98-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-95-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-104-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-106-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-105-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-103-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-102-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-101-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-107-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-108-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-109-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-110-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-111-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-112-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-113-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-114-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-115-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-116-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-118-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download
memory/1620-117-0x0000000000750000-0x0000000000814000-memory.dmp

Filesize
784KB

Download