ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8

Analysis

max time kernel
168s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
11-02-2022 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
Size

51KB
MD5

b5d46fd5ccf5394f219a8e86b369dd85
SHA1

1a5bed0b0c8a6cbcd74b0b4d8047a6f33fdae7dc
SHA256

ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8
SHA512

e0c73e129d861eaa40b42492563173cb0f6042fe46f16d8c409e2074cc1a3dbceef1b7a5c6b34b274271c5e196cc6ce97e8654cdd49a5141b5a11344b6bfbf59

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\BrowserUpdateCheck = "C:\\Users\\Admin\\AppData\\Local\\ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe"	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe

C:\Users\Admin\AppData\Local\Temp\ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe
"C:\Users\Admin\AppData\Local\Temp\ac6534b3dd0663e9a617a6cd20db2ad5f6de2126e32a446af73df1c231aae5b8.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
PID:752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads