eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3 | Triage

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-en-20211208
submitted
01-02-2022 02:46

Sharing

Report Analysis Logs

General

Target

eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe
Size

395KB
MD5

a832b94e99ed832d88846fbe3a49fc1f
SHA1

5c9e96626c3dcc266220ae9909298a4cf64a8d31
SHA256

eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3
SHA512

d2170f5722e6539077165d3f86a521561be2276d40206e2aefeff8e7552b47b3d05f0809c9b051e4a192687afa6416ca7bc4aa7dd3c06887017f8423ae019c86

Score

8^/10

persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

468

C:\Users\Admin\AppData\Local\Temp\eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe
"C:\Users\Admin\AppData\Local\Temp\eebe22e7644673d7f6b79e14f132eebe035d1a48cf4fc679f6f166b9039028f3.exe"
1⤵
PID:980

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...