1f1c878dacb13a93df5061d990c130bf0f4e0117a6d506dc25e62a959d4c987b

Analysis

Target

c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
Size

2.9MB
MD5

994de6a3f96bd710d620e1396e1bec92
SHA1

53489b26fcceff4ef3240b2efcbfb38a78d24c4d
SHA256

c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d
SHA512

3e6e6e1554313f5b9fd082e5f147d7036439f66427e3ca066ed6a6429a5aae7bf70564fcfa3e2fc4853739bb8111c78ea0b404a8d81a60bccdd30ffb6e91fbf0

Score

1^/10

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe

C:\Users\Admin\AppData\Local\Temp\c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe
"C:\Users\Admin\AppData\Local\Temp\c50bca08a8e80850ec18d258ff937b7b72a500d9027c730c86b05aa73c938b5d.exe"
1⤵
PID:2932

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Modifies data under HKEY_USERS
PID:4704

memory/4704-135-0x000002ACAF5C0000-0x000002ACAF5D0000-memory.dmp

Filesize
64KB

Download
memory/4704-134-0x000002ACAF560000-0x000002ACAF570000-memory.dmp

Filesize
64KB

Download
memory/4704-136-0x000002ACAF980000-0x000002ACAF984000-memory.dmp

Filesize
16KB

Download
memory/4704-137-0x000002ACB1E50000-0x000002ACB1E54000-memory.dmp

Filesize
16KB

Download
memory/4704-138-0x000002ACB1E30000-0x000002ACB1E31000-memory.dmp

Filesize
4KB

Download
memory/4704-139-0x000002ACAF9B0000-0x000002ACAF9B4000-memory.dmp

Filesize
16KB

Download
memory/4704-140-0x000002ACAF9A0000-0x000002ACAF9A1000-memory.dmp

Filesize
4KB

Download
memory/4704-141-0x000002ACAF9A0000-0x000002ACAF9A4000-memory.dmp

Filesize
16KB

Download
memory/4704-142-0x000002ACAF8A0000-0x000002ACAF8A1000-memory.dmp

Filesize
4KB

Download