35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06 | Triage

Analysis

max time kernel
163s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
24-03-2022 14:31

Sharing

Report Analysis Logs

General

Target

35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06.exe
Size

772KB
MD5

e2ff44846d7cd5849fbca477d3be4259
SHA1

98c5df737681738d41c5437436005cdee4341ddf
SHA256

35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06
SHA512

f575b9003d76ae27fdedd232941bae21e436ceb1ccfd0aff3c69eed6277c9386125c461aeb2b27a561ff9b8aedfd89ebce415befe933e625c50e9a5925cda933

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 6 IoCs

Processes:

svchost.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\00184006662C773C = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e000000000200000000001066000000010000200000008d321fda048def5e956fa32556f099a3aef099f3e88ffb3ec9bbc324d192ea78000000000e80000000020000200000002b20cac19d10fa40393223c9eec1059e5631c68ef4d5cf425d2c2b1a43bdd60780000000f7141a49afb5cf006920f490f52ceac2328e2fc551aa6693a83345fb4e5fbd9b05e03cce4d5e0aebe040a68e6756c7ce52b610ab43cf05ec239eba2bd272676637874c587cc3ed5980a6e5e1fe3b8f125971d5081c33dcee04ea33f5d40e2cd9ba75a7ae16216d82fc81da9eb8c656e88da3449631dd78224ef0d393d08f2caf400000004f8688c1ad987dbf6a760752bee3b47a82b7ed45bfd8fd527f51f3cfdd478a096eb0e4d80eb8269c2cfea0af10d123fb0cb9a9854822458c460e208c83e26798	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e000000000200000000001066000000010000200000002ca8ba80209b5862b206fd36523600a3b2ea193443a1ab6147fcc8ce323423d3000000000e8000000002000020000000985807b87f8bfda1453bf9b1739de68873d7c909ef5d117166c1437cf55da9f3100d000076a26ba093d601ad641d5923db69ed4e6c582217afe5fbc176bc975033e5f3c1c69b6173ec408c92314c08811e211e6ae88bcdff78cd2863b443610e97d21e9566e1e3ff7a8cb213ae7dcdb55b95350b1c3bc0a5b097f6da1ca12f714709939f3834c8f0c14a1b0f95a88ab59ab63f645529b989d567679db76b78f8f433ab8d0fdb19671364cbe93c1a78811d7c71e0253ce23b6156e97acee64ac7460ee555fc9b7f040647090b61d59a8c0a99a6665b2212fee8480c7c5806fc5d32638bccd25f4ae23a4d364209544bda3d42d2da1bb94d468126624c4dcf30d94a719ca6c0532ba8565c1f65c62ed094f0bfabf6de9c1f2edb73c811558ea1cb02e701756c88ec87bbb6b838f809be206fff84b5146bbad5bb290eecb8238aa23603f5671433df8ee7eab62f04450286c3a00ee7b7598054fb9dca7477c0cf976361d32d29bacbcd8aee1e473aac9c02397b8f800983f7c1c835e8f7516302ce543805ac7b3c5a9506fd8c5a1a0bcaab58cf00e03c273de66f32bb37d56aa34064bff2542fe5eb803008d0f53db68a6ac1e675d97d84a88b28da40597afdc3f554f131061865177b0d89f5aa07e709260e8244ed91cd0ee9c9c9bf716f820774d266b3ab831d45bdc3fe1909d8522852a206fd11c2f724530fc38b9181840c5c84a00c035618a6fa14066b10c5bf1ffffaeda5e4885d8bd593401ddd34264bee8358a6caeabf6df17690c888dcf0155aa57213e8fd239f23698a6ad8e16dfedc4105447e65b4c2cdb7691fed36a3d110975700cb4167b120b8c14e017245b63f004e522be268f6c5c2bed383e05062e2c8fc1a57571abf7ff9cf1fba43ed02ff33499a05d97ceabae46ec30cd631371988b95c43d90c215aae8db46c4942cd2bf0f7692ddde905b4d3029aabf6cf0590df3eee3ca418b936d5a5d37510b04dc9ae2ad445e3e885aac629377c45b78c14154edc7f614aa87a3ef646b4fe935757165dde4c29ea50e27a21bc7105ad32f1ecccb34c8961d5e3e8f4c8321feaad892251fd36f6eb60831da4bf1e7d077b9372865494dac8e506deef1aad47dedc7b8c896d0678e9903461a0c29cfb4ca1232ce1595fa384c71b84bbff5e48fde8213e5db2ecaa1edb521e8a49104e45f2b16ae969b157ba5839686cc761a10442b30d03b4a37dd3fb2a2be612dfac84db06e871a30ad0759b47e8af388459fb165fa7fe7541550a6e64d70fdd9d9ecb3f57a6a71d4a0b1c009f2b8203c79e7759eac429af80c1ae5ebc64749986b281bfad8e6f69fdbca9789fe6d31e43aa2a225626a76396f1299f0943595f938f1009554e3c7f19ef984d5ab968221d85e6b79b9e9a5e292846cad24182e3ea2a53eace620e2fb5f55a4907951c7a806db09ed704475ce9ab7eee6c077715f62c23a20a06bc6383af094dd2ffbf470dfbd9023baa825ee2d3c27900e30b42bbd7b83c0e955b65584684b0ded2befb2be4525d4fcfb17b4e0cd7fd098876b1e301af8c561fb3740fe3798ec119e3c5a76ef8b5502672a00de17a7d7ee5bde528e435fb5fe8c5d8560671215476485e17322439739c4995112fb48927d78f793b2b92eb96985669c02dd0ad12ab118a26d025580b091b7a53f79d4b0c1c40c3020fa3e59ccbbe7122e481981358817920a6b77effce0164a3abfad4c9d8afc878caff797277f89e6b4fe7427ab0dcc387ad3e22d26a4b9d4d91c3c232215a3e5ea871ce493e9ac88eb9c440d33952d00f8606139cf5ce887e7a5812eb8d3c17d2c1395e401d27244804356e663cb5dfaa7c6241750eebd9a001944f81890676e040100d354032ac60d8d76d839f5a3ad0ecaf1dac2511c83baf415a1ecc96d418ea3c76588c0d6af54bdc9255b6c2af4fb851c00905c97a54380cabbf78c6f875a191e4c6b49ef0f22105997ba037711bea80042b4e97ac457e6ece69892af913c0cf6f956e6ba239abc073f99a19f5a528dff9bb1bfdaef852ddef74f52f7a6f122c3128b890e292e3221dbbe61951b2a28646170b2b4125bbcbc42cdfd69b5ad4093bef2a64c36ebbff0c41aaf40fb7448d4793c9677e2c735ce7c48237bb6df9badc553b1daa3855266f05bff35c12702cfd2a1d371c1963875eb48d769ae9590ed97231cddd7d416782214f3189cca4a69ba250a00ab17ab3938ee765a824e07f244e57453d2cfbb97adee893893dfab6464813cf9ef3af7782f71cf5a6105f37151e5890e4f718f4cab7ecb110d8faafdf1aedffb088ca9f8b16fa0fb41d9be61e7c00fc88177e4ab1123f6a5dbc3d419d8e86ba780bb35b5f4699692a5f5538c23235a61ca06b654daf8aa89824a1407d811dc609393746569c12728c0632190d23b1709151ea9c1311399ce8fca10e682266cf3ef269b008e31fd953c910ef48d5c98d41d14a909462f2b4575a13880ea8f9f3cadf81fb9f217f2f8735455aff1102517de9448b2652dffd8685896a22775bcec4677db6839fe5ccaa7c2458c53261e01ea8e0271e2e9b75447cfc73df792517aa9bfd247a9f81a7adb0658fdee436a968914dc0cf837bb88e219d19cd11348901aea82a5749b1820f649e1e42965fa9f32e993b6e04ec389d4288688c519b34716999f5ea2338c7c249aeec94180ca234ef1257279367c0dcb15610f2214acb0ff737452f95807b378a95692a321b2f52e2c859e3482ce75511f323cd5e3e17a5d5a23179745c80ca51e2240f8a80d26d96431a44b6654b8e6d1a547bcce5c8b8fa3132f3e78b224bb71e3c7e674d820dc9e440bb0fa9cc594f51bc14d39fdea1e5c7041bc9a422e896146703dc4acf76f946e06cc892858055165c41a7fd58ae25d54df06ee64086342475c644c9047f2effa90b97d87496fc02ea97a35b37fcd6e9236ba0e94b319d4109b09cb56ec5826d66dd25dbdb4c6fc152a889e2bf5cb5700f496ebe0fdecb352f8f956396e223de01e1f0e371b609b6d3b634763ffc91960f92bc17e91680171f41c0a0c8430a538e2b9046aa5970dadbbbc721e5a1b36f3e1936a4e7e6ab0595667bd0ee17963f672752a6993b2397f2a451936bf1469918252dedbf8bc01f7a5ea48831a3a11e8fe0e541ea542721890cae88d259a8abef110e50f2f6d2d3749e5c5562a9763cf2e8b5c7d9c1369444bfcba7d82f60b81d3873c8c5666de30460a156850bb075669589c4b05d51cdee2cdaa8a0216a33c69972d7216a10f1c7e44b3936284eba7bb4e021bc5e907aebac271c33f47a667d98b8fc2fd479f60f6e1fd21cfd724ea81fb083e1f8f85c925745dba2b1c742500c999e3f29c424196041e86ddc8f74d8b2d5d76915248e0339dbbd69b0b27c003639a6bfd218a93f46ed67260a580191ee9356592a7bb6a4741e46751efe45aac5af556a16842f452fb069df05539a85b56ddc2e260ed26734cfa8e49e110d496918d463a3049c508c02f5630ea0e881ed12191dda469b37b45a54d20de6d8e45daf3608162764a2b187620de98b4089a95881569a6bd067adbf20809beeddf41d40dc92a63e757d9ef71add2bf2f7ae8199f3e721c7906687b0b1c2a350fd64dbde123a2991f9ad222d4b1cf717c2ce41de3eb96f9013cc590eeeaec24b61db2b29b2a0afb9b4af2bc587596df9318f870ccc3838ff9a473df1beb9c7c091438f4cf925660c26b59da13e37b085c94c383ac8d3c7a0323d22dd9c79f25564906a587e8d63b7a7feb0dd134880dd6929c2cdfe9b933963a37c6bd2f17acd35c4a03a0b3e5929507818e7af4ffc0a746c2fd67da4eb7c2b614e65bf56178dab22cd2ea9f28e356d32a1fe8d55f06868ea1eba48376cda14e5e3d9c09a97061f3efffa586451e7dc1d8fc4407110ef4ce9fe878d7b2203d1dbfb8e3b02e4afaccf4a87297491e6981d0f626c48bdb3a96dc2e05b1f92561a79679918a46d10b335e51aa90cd72827b80467d505f16196a1a51a33ef17a865f3399d148225e99285775ece944f8e44983d91e8628eaa6fcc32cefab3fcbc5e0623dce7a6efb38d822e9205ed648fe85fe2934b359f9d6af9076e205a664742915f0f3ab89504cb5d1aeec94243f9ca4a57d3da31b11d5a9d9ff34a49f73154408ed8a0e46509c5b4771f423ac6633887ee7e7601b5d3b40cd0d84952fe47e135364a5ecb86cc639678ec371cfdb5c70b6b7010fe2ca2535a934fa8b4e600700f60aa7376b7248aae53f25dfb1266f82103fdb09555417e1f98b2f816f45eb1d74f84ea4004f809407f5ba756d34d4abced3d7a9eb88b830b8c78ec4d58810021150ac4aaea73be6613a8441f4461d14cabf872314a42fef4857a88a5185c5caf0378c259413a1eafe08625061900900d76518550c56f9834d711e863ee1265ee1c66955d9650cf46a67e9447dd4b43fa035391f1805a3e836a0be7b7fa79a04c5097cff96f1015bfed46ae74df1814b8bc23ab44078f810a2eaf2b2ed75509fe71619be9eab1bd82fc1b0d51b4bd6f9f4611be25ea6e0cfb9dc22385e64174b0b6f230ac2dba678dca044bc2e35d55eb7fcf34e33e7042c414c18f3a9e95c07a02ad28d9b5f8db118eb565d426ee4560dca0793c532d7922af4a78d2e073322cfc2545864d3c51fa2a8b00162b8004a2d7723eeee086cec0af7832cb05beb2f1dc66b67ee05f576e42866ccfb1f643a256a90f7b3ab41bafe1eaae1e9d118465534878ae85bfe75ff5b57ba5349f5a606703ba03565c4000000054e26c1fa6488beeefb437b3ecc56c8c5d0511625fe0179dd212c1f18bcaddf67ed5ca9e930b4416755a7e1d60c65e4e752342e9c5431c281f816274eef11365	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "00184006662C773C"	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property	svchost.exe

C:\Users\Admin\AppData\Local\Temp\35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06.exe
"C:\Users\Admin\AppData\Local\Temp\35d933b942fee8d41d0021dbb6810c13f38ca4956b8a635046978c4d3b545b06.exe"
1⤵
PID:3796

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
- Modifies data under HKEY_USERS
PID:4740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...