b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b

Analysis

Target

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe
Size

26KB
MD5

ab0a239a67498b1fe875cac61e1cc881
SHA1

259e3a7a5350d79d7f18677aeb5dad0df3c1c4e6
SHA256

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b
SHA512

657d23e85e010ed6bd71e46fdf3c56e16ac2946e6a0e341ace1440c82af0c4fb85630a5cfcd1044e80138ebd815be6bd5bf714d230d1d976e68839800f26f6b9

Score

6^/10

persistence

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

Processes:

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2329389628-4064185017-3901522362-1000\Software\Microsoft\Windows\CurrentVersion\Run\Google Chrome Browser Assistant = "C:\\Users\\Admin\\AppData\\Local\\Temp\\b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe"	b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe

description pid process

Token: SeDebugPrivilege 1116 b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe

description	pid	process
Token: SeDebugPrivilege	1116	b2144af6922d925a99bdb5e2264b40af2d310c556444fa61ee190ced786ff81b.exe

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/1116-55-0x0000000002120000-0x0000000002122000-memory.dmp

Filesize
8KB

Download
memory/1116-56-0x000007FEF2BE0000-0x000007FEF3C76000-memory.dmp

Filesize
16.6MB

Download