51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-en-20211208
submitted
29-01-2022 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe
Size

125KB
MD5

b2ed9415d7cf9bc06f8ccb8cfdba1ad6
SHA1

02996c6faf5da9f6a6a909fcb800e4490f9406f1
SHA256

51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1
SHA512

44467d76a3549c1ce48b3076302feee8e46afc60724e69be6af31b791683bc67a01a8e34d504af9b959ea79d165ea4fb14126252a649b177e636e5d529a2ee50

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\Software\Microsoft\Windows\CurrentVersion\Run\new_bApp = "C:\\Users\\Admin\\AppData\\Roaming\\Windows\\photoview.exe"	51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

pid	Process
944	51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

description	pid	Process
Token: SeDebugPrivilege	944	51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe

C:\Users\Admin\AppData\Local\Temp\51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe
"C:\Users\Admin\AppData\Local\Temp\51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-54-0x0000000075431000-0x0000000075433000-memory.dmp

Filesize
8KB

Download
memory/944-55-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download