50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786

Analysis

max time kernel
134s
max time network
154s
platform
windows7_x64
resource
win7-en-20211208
submitted
29-01-2022 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe
Size

89KB
MD5

92f78a182faf26550d6fab2d9ec0692d
SHA1

3abd37f20fa74462f4e49d24b38e33889da22a63
SHA256

50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786
SHA512

b5888ba00a5f38c6927a13ab5ccd809243b9fc3e3ab3a4ab9ddc93ce9dc1515ea2cbf3d6974cca3a455ec99a61f9da2aa76a2aed21d434b5349fbc8e332bd521

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3846991908-3261386348-1409841751-1000\Software\Microsoft\Windows\CurrentVersion\Run\mse_mainApp = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\msodefender.exe"	50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

pid	Process
856	50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe
856	50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

description	pid	Process
Token: SeDebugPrivilege	856	50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe

C:\Users\Admin\AppData\Local\Temp\50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe
"C:\Users\Admin\AppData\Local\Temp\50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-54-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/856-55-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download