04ca9c3b628ea6dad9416c02c1b49af193644b406cd6aba37d933df0e73ce9ae

General

Target

04ca9c3b628ea6dad9416c02c1b49af193644b406cd6aba37d933df0e73ce9ae.exe
Size

1.6MB
MD5

c5ef92f3ee5dd058aee7acc24617dc75
SHA1

335b2cbb898146725bb81af4ca254971e1301e2f
SHA256

04ca9c3b628ea6dad9416c02c1b49af193644b406cd6aba37d933df0e73ce9ae
SHA512

9d4b10ceee22ac0eb59d6e7bc94f26a4bf6faff91306af370f6cb31f62d2eb28541de1c0f32d584ad1e1598417c94a75720fc0043e2c822e7fbba1f60f1b6bdd

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 7 IoCs

Processes:

svchost.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\001840065C5D73E6 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000d65fc12ccb87f67b0c97b0d3816e4bdb21a6eed71690f6428088f2e2c49a8f74000000000e8000000002000020000000a4d7057450a4ac29edac847741655a4cc0796024d8aacbccaa6c25d19009fb3a80000000215a5db5b3efbd4bca69a85089a46efefaca1cb0536211675c6bcf8e4e8358725798f68c51f2429105cc25b12db761a3db868c4b027bff17be7e9b6a31e134ef5ca86ca9c3198271307f77f2895539a2d8d23ed6c1ff3dd53b73742d683a99fbffcc3073abe84cb1405568cbdcb2b8fa2d890518ec2119bf329c4ee732fe50a74000000059e9b7baa29d7a5377eee16038c40b38a8d7096508344f447cb8eaeb5242b79700886dfeef1dde3c20bb7d5adc0331dfdd03b8cc503b5dd2849f68f020675444	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000ce639548946f6112f12b27b582f6956c0ef57265e31a894d0e4389d511840c3c000000000e800000000200002000000061e9c09b17b26a9efeb86b3cf88a5e2f121412a9abd7f2e1637d1f15f0d949fb100d0000402b2bfdbc6ce57bab4ff81988947153fd9b9cc2884e84ed2d55da0f90eaa55613a7a179d2f776178dcb83c4b4c4c29f6a1e802b1edecf5780b68402d8281a93113b7fd383ebab316eb87c4104a87a5015be5538122c1739c4b380c1dff38a6c4b4f5f693e4df27ffb27e6bb55e455c8009367f49f28c32936033f8ef90015c6d6c04b2cb5171dfaf34c293458ef066458100e0a042b8263bd4c31e3ea167ace89d4cb65f7e111314f7b86a4f14a7e5184338f9520d174c79e3c0d4c3484a9a3247de973cf53db583ecea58c3102681ce7322be87146f9363ae822721feab5f7bb1de470d19c348475a7f6f943ca1cef0ed8d29480d26d76fbd4e04eb1776e2b6c95d2f2a644b3eaf91e4cf3ae933c75885f8f3d5f0db38d96600f821e25baee87a9e37a4ce5983d0b95d9148b2e5040038adef0fdb5a120320375ca732abfae5366f761f4daf05243b046745d7d12acb5263d399bc53eab0cdbddc22203c66ccc6062b1679f7e5d993801c42b13932af30a7cea8927ffd608a01ee93fd11b3bbf22d7ac693561bab142717ece525c3b2205d2dacde4500c02b6c05aafb05b0f79964cb7ff628d7a415694139adbdd906b9a6f754a353384ecde06420e33e8b17696a16fcf17c15836fbbb0b1c386d19e4e829b3bcf48eae9090f64e5a0fe0080882a6b4d1d9ab38499a8c74efe9feb8e20b165c968298fa7cc07b8851f83ccf82e690053e3f79148fd31a5818f14e2a545cacd37fad2bd5092c89b9fd22be229ac0bfd4b6420386e4f6648d599668a6408208a5cd3e74afe1d21f1f54c91afbba67c65ca08abb5554aaeee03d62cf64161bf1dbea5bf61b41ebd15f8e92a01a2c8b1d26aa9dbb28792bae8d216dfda982539144e2fff093b695b86afc535595419e9cd3e8c58c9e93853e63089e6c51aeb84821e8a6ad7cd16c2a17ada3317978b6d71b9d0bbf500c81c81cfca4c55ba99a5f5ccd25044669e9db29bab04bdb7cb4ffd3c87a4cbf434c32d51bbd851e7a6a3f155cb7670d129c040ab0e4634438fad79e60564246d14779b60edafe23bdbe373c3426cdbac230f56e96c85ea756311517b0877ac8c65538549a6878d97d8982eec85f3cf80d0161b2ca02a8022f2cbff8a6870ed36784d2a8908f888dc42436c3b2bb405890066ba3165c8eaa2b166ab5d4fdeeec47551c19edca79995410298d1b97e6e63d52461ea7eb0db2b07edd9d764e8508aaecf4ac304eb6feb4cfdecc7f9f762635d4d768e6f5162c8910bc93ccb4a0bee09205a5085301dd4bef2a32f68e4319dab1868d32ce1c98cb3c829587a8d387df4cf8539de9a66d5253eb302b49b7a3a335744c86ef460a0701c8204cdb3cc4eae00354c592f66fbd22d62e187dd81bb62b16e51fd9a020c4ceae4409b481c1015f2025f1f52eb53c387b6b82b7c1e6fc968ad0723925d597cd1dabdcc8edbe3ca1a28166c2bd4d5c34098ea763ccadd78b961ecff1a65b5de1a26ec83c6e959232a10c98535cb6ef14b3b82adee9b4b2e9e7b760c734c65d92cc2ac3ba68f97d7f70702ec4b5d4661d0dc9fc7a587b47544e735acf5750e4bc5dc7429c9350228b82886e9bdf8d13249a4e7ee814c77dff78ea1bd56d118516add29ea795c69362746fd14d74946aadea9a183c7b1a1dae508b4189dc521b17e3802cf447ad646faf72993eeda434f200063047213f76aceca127a49683d3a05b5552fb2c4d04586ca6aff3add8f2f72cbe03153c1f905fe8b1f33aac782bf578c0d88479ac5867f30c782b8c926c130921ad27809580ec1832cd4a8b91439ebba7c2c4fe8733b13a827698b8c18f0e7b72b96ea5f96d6a6fffdf4b5d401b0c67014e43b6195ade718e683fd6eff230d122479a0dd1f728165e7f8ae4225e93b43b73abfed45a820d1c4bfd5796547518eed5dee00dbee6541405ab45a768977218bcfd822eeebcbb40c8e406fca18a8cc86380a7ca37d18cc8fb1be8b8bbdee49c8c07bd58256391644c9a524ca0f08516a9018eb64cee56d2733c10867332eda8343575e98db86855dc7f863ffbda6abd8b3549de84bb8e2f84fd13a30dcc94924ed3503840daacae1db443edc71cc6b986f1fb50d670a69974903da075298d491f6317b9e40000dc39aa5d0b217713185182927ee1533dbe9f1ba35d12c77deca355ab6e01d8bdac4635a0428542a9301016055b2ef2a0ed64acb347ff839baae9b04bb30c50d7a389512864b6a7e75bcbd831e96999c06c5ff6953e6aaa1a635e011354291667262903e0893dcee98aa6f2153b217eaaa8196496d12b785d581016e65c6758e86aceb64b6453187d0d429e445ec6405487b59a2c7725a4052bd4abf4e8e165e537c805b893f43c98565884a526904b9d2576811359a6bb102d114b723fda21abbd9935331f40679bd8e656a2d4b72ae6503c20c1ddd35683e69b92c2a94547667849f4cb6e30eb3daf6c6d0241dfc25466f00b6c82641ed554bd1df8e18d994bdadf7c97ba09c4b65f3736b7a592cfb059bd8006d3fcc7928c73ab6e0cf4380dd36c00a3f24ec121ae2494523effc89d539ede4798fa0fd6372f78029fa0ccb420b1920f673813a2eb8181849c5f37234fca30405899a5600cfcc9ae9770ad6e38b7c3180ea056f4cd8f4a38922f7b8eec681d6eca12006508152b14a8a6b2555e075e2ca164128431367381f7efc771d2bc48bd4c96bed4ee907f30d7833d54a81a601da15f0d40f55d4e2a3d7b92ea343bc9fda85f486b793fa5a77acbf7d1475962bae0635bb1b4efe7d57bed872a6986b9c9ac38b4e8e525c0464e624ee824d8a2527884943487c3ac7edb4750fe08245dd226bed83f16ce27e0f0acc2ff28011fa019a11a387abc2d09f3ab2462b4bb61e6bb377e229d819c644d32b1ffaee384f9971755c0b45c0f6824861fcd9fc14a26a43d12c8ff535ab1276da65d899572bc2396dca498ea95d5bfac2b74f4981d9fed30684a9beb621a74e47b0b50e2360dac627ff1c011d9ec1b591fd6b220e72b434fa6b9a8c35de2e658da577537c59a190c413fbb66a514528aef04232f3e969931a851d803f661342f513a4ecdc13020b2c7d3d7713e2747cbb1402c9069d2edce6c6d2932efab3c3ac1e8d38b84f42b4082de991ff8caa2bf3fd7927328e5e2e3e14b2d745be6ca0f4f83198a987113249d2af22784fdae87e8357f6587ccb8ade67650b1e1cefa5480df0088cfec857cb98c6ad4d8d64f7a3ef151d6dfff0e347c516ec17b963496763cb6f7b7c15db6c2ba669d6c6ad4b9617cf46e3fc8c142d6cf0d0ff8cbc15d61d99b8e7577a2b6947bb41d482454bdf5329983916e259bfb656bba29bd3e238ac9faf27fc6230383882d4f60a42eb05c420329fab9213dbd2e6f9d746c679a6fdd443cbca2266cdbf9d137cbf4036012d65674c3dcac3cde82f2ef48a42fc7e392ca47575af223997540c117b041a522029f43eb19e0ecbd8c7fd73e6d717508e869e426359fa5ef4d3252ef0e1e78ddf3dfa7d0e0124d5d0d88bf9aa337c2c938ae20e6eb8fbf9aa018605f6cc338a0238c09e658905350eb48060effa06d410485dd0e8df1d9da1135a5afc22d2110740b94dde19715f0a9dea9e9f5511bbca0d2d7ad2db572b6ddf891073aa3b55e7abb4f2840ee8a1f02636a09deaae0e6cc1f25f58df1f729f0d0adf2f96c5443c78f81a0bd0c7c013dd60f313ba197fc865c1b17127e33449613e8ac99e8e84ac76be3f66132dedef2574b98ae6cfc6458cd4b07ec649743de73476cebbfb09d24be0a9f9220757e61214355c4c5a711221eb6996d093c55846a16bdae808bf4a1943d120a10505f9466d184ae71fab256f262df1125de7d71aa5ede5a75d230ac323e0546046eb2017fa716dfcbfa15e8f0d0dfad76c545485e0c796fe1fe8ae65ad27890300ac2526d5526d0437d089787142544b7ac2a57985ae438bf9d4b4046fb029c86e21e66e4c1af9435cefd7c59aaeafe1b6fa98770176160cb916e366076bb30ef963610f3fc347502f2168b8403cdc8a3b8a21c4314a27af7dc2ce6884fbfc1090db59ac2e94fcba176e268d46367444671db9cfceaf7656110cc9bdd6e29da87e8896fad7661c59392dc36ed422e04898b53b5a129aeb2e43db5b1b27c37e6065f05bb249a90ff74aeab44be94099021d70eb794d9e8803e8062ac41ff90b9531b08ddcd7746a83c9c6208a20463c829220a5ee31ff0c44c82f5ca5d5fd76189bc840b703fb5e5b006737091c543f02e9bacdeb071b9c9680ceab47d37efc8eed6b4448a6a4d20b9dea1638ef0ff1fa4f9d30b1b1fc63fbef9458e404a92b221aa5cb7b2ada08d23bc13f5665ec03f6e27ea886942471122873a74e2b321f589a5d064fe5386e8935e557d1295a695822a24a3a9aeaf776c20cb70ca820b25f3a8b707a6fba96efc8ebe751127cd2b8fa4ddfa633c73ad1cc38dacfe072da1beb9b057eed6ec8d3fb9fccade12c9533b0d91ecc02d20065e519e4846b0326a65cc1259f25755bd1cef63273dd6a3f85e9b51ba05c10930ec3d7015df433b39d22771fe8ce4a9ba9f2a4b760de0c9ccaedf290189d2d5b66ed491dd054b7bca0b8ac675c1ed2bf69d396d023d185a22b98afbb2ebb650e7e7e9624bf5bdc30b87140581ad4ee3924694f534041086b228e40bd8b1bcf600d550b7cef9a4eacd640a73dc228ca618705e72f08b98913789400000002e9f528b049c11a924e1fd710aa3a6c947aa3aff261fb90698e019179501ca4f2b69fc3dd61aa67d95c8bea0d37d4ccec9e23c63732bccff7ffc19bf0b4a7af1	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "001840065C5D73E6"	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1"	svchost.exe

C:\Users\Admin\AppData\Local\Temp\04ca9c3b628ea6dad9416c02c1b49af193644b406cd6aba37d933df0e73ce9ae.exe
"C:\Users\Admin\AppData\Local\Temp\04ca9c3b628ea6dad9416c02c1b49af193644b406cd6aba37d933df0e73ce9ae.exe"
1⤵
PID:4244

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
- Modifies data under HKEY_USERS
PID:3328

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
1⤵
- Modifies data under HKEY_USERS
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-140-0x000001FE02560000-0x000001FE02570000-memory.dmp

Filesize
64KB

Download
memory/2368-141-0x000001FE02E60000-0x000001FE02E70000-memory.dmp

Filesize
64KB

Download
memory/2368-142-0x000001FE031E0000-0x000001FE031E4000-memory.dmp

Filesize
16KB

Download
memory/4244-134-0x00000000746A0000-0x0000000074E50000-memory.dmp

Filesize
7.7MB

Download
memory/4244-135-0x0000000000940000-0x0000000000AE2000-memory.dmp

Filesize
1.6MB

Download
memory/4244-136-0x0000000005B90000-0x0000000006134000-memory.dmp

Filesize
5.6MB

Download
memory/4244-137-0x00000000054A0000-0x0000000005532000-memory.dmp

Filesize
584KB

Download
memory/4244-138-0x00000000055E0000-0x0000000005B84000-memory.dmp

Filesize
5.6MB

Download
memory/4244-139-0x00000000014A0000-0x00000000014AA000-memory.dmp

Filesize
40KB

Download
memory/4244-143-0x0000000008DB0000-0x0000000008E4C000-memory.dmp

Filesize
624KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads