206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc | Triage

Resubmissions

09-12-2022 08:35

221209-khhxhacg28 10

07-04-2022 07:16

220407-h33rashggq 10

Analysis

max time kernel
119s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220310-en
submitted
07-04-2022 07:16

Sharing

Report Analysis Logs

General

Target

xxx.exe
Size

416KB
MD5

23f82ce9f5f8e02614b31cc0810e0d5f
SHA1

0bbde5e6b3aefc33014ec3c1f1e61d8664a33a75
SHA256

206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc
SHA512

1231dc5046cb609b5cf2240a95cb728842048609a93d3034984948f9fe99ed54c508e154f3f7516f9b15a8244ec49574dc6d6ad4a95daa8ed6bcf8e4fbf4f52d

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\001800083428F09A = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000742e8bbc2831adbefdefaef4d85853064f5f6d27a59fdfe979b9a997b86efb24000000000e8000000002000020000000c0112aec799e895d5dd422d4b348c217dc22d04eaae0335b5b7c7710d8fbb619800000009fed8cffcfb888fff3f3b6f493aa16c4205bf4ea85a6cc0dee6f0262acd0c2b92f5297eddaa6adcc4dfce77065678b329d2ff92c25b9a723350b5ed89bb6c27b2a8906a0a6f9fd95f572d9bf7002ca742abc0d95cc5d5a6fa1c5e5fc0072b32928b78e842c6892a8d28ddc4bde819642da86a57075803b4a689199bcd5ab126c4000000018858e69ef21a3f64bac4dc3a743b469859aa6d0b8e6a9a086d81ce51d3efb6b3aa058af35ae83ed745557fbc8ad9833106d28a41e7f195fa0c00bc51d62a9d6	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e0000000002000000000010660000000100002000000088bf0f49e239df50daf4574bc986a564dae1cc831ee4d4e090375b6d7368f3b3000000000e8000000002000020000000e7adb63f4b5a4531fe7cbbdf1254f2560363820b25fd5ffb19b16794ff879c73100d000013e4f2fabc770e4f70c884ace82812f0a1940087a658b98543e91e5eb5caa325125087f2c8dffe0cc7c344332849a68dc2a50c2ff60cb06ba0800704d6f3d6e75767def3d44c11a28147cb2ca4bd7b11d9385f60435442869658604b83bc1415f1294d3590c1e3e54194ffc4b284b649576590b53d011dcb52da1359024ddf69b095024e2fe5cc6427c992bb490e426f2132d1935caa6fee7687c028063321a8c41439fb55370fe4d4962aaa25de3b11a98b0a95c7da154f9a838a37af358c73cd0e2627be0b19ef8c7a67ae2f53153abc6a42d8f0dba24ffb1b335cdd383fd8b204f645708ca5249679e927beabce677174f323c4ab3a417b34457dcf1b978b5ea77624595413d739c243c8c4a20e3924d9a44a04b0d79829a1f7b09dd6dcdc6cb98bdf50917275a0ccfb2dc30987a85d4d091f9e93a7fb2b3204617ab19c4e44f95bf039196a88c7295cb8a79855cce7ae557d3af3d597186313ec7327cd6499fe698f236f4662aeb5c8b4375a1c098b452ee95ab8f8f91c423ae80c3e64fb124e75aa9cfde057e4c68205a978551befe43cbf549f5fc0bfbc96381fbec192193cb676f304df2353a22bad1e2ec88342906f05d07235ab78a8f101b17e0e7007059cea1ed5aab85be97da26e427a89abdfe6f9718dae11b1d9f20ac04703dba60bc33e1c9368f9e628fc2541f622bcae50def1562ade8461dc5081b0cf035ccb4c5773b6e10498f860c08e791a4366fdd8883131ed68d640df9b6cbb467c35782b91b5e564a86e34fbffa5a2d5c8d5a629cef16a1043d1c4f9a6aedf8c51288c824961783bdc050c2881a8b45bff4507e4c904db8bb8243ba0a8f32056b5687e7e5e54c3abd1e1a0a13d90f65e079190ebec162b2b3e239b7ca9367539557868a2fcff69288c3c3de776ca9baa2c3b2b7813907720a64f4b54dba7c94829b9f3956d95b07963705a8db0897f6c46dc5cf54d4a5303bbe792c78d802de88978ceced64a22271e6f0d2be592ff32bbdd351a394c548cf5beba701d8bf08f3d353ad8913ef764a3fb90ccd61f660d43df0bef930bac8fb9b381a7fad338d4cfa942bd812d64b3244b39e46cc88a9f38e9320c295b4bf86e1e050d0ed49bf85455b0046136681c791a1b058e76f3e850a0ec1cb2365bec80fe3db63601acd9de8467724f032ffa2a0e513733b42de1f45589718f4ae893a2493da3a3629cafa0590c939523c80197de461604c6566beb0aa863c6cdf2f6c26ce6b47e358ba0d0e9946f72c16e739fe6f66726d9ddd40bc26d7d0b5a406cc5db2e2855c2c8cd1381e148b77f5db30a21dbfa9b58fbe3fa812b11ca7015043c4b1738df2c6b7a7deb2a1b7f7c7895ae9a40adb59128f800d27afdf7f00a919bd26e99dd5e66a74d05a5e9a4d77375cb37d5d330e239f9500e6c2e8046761b101d8bc706b073d4bd15345f02e0bae0a840d448fe6e6b022ab531a11f2d1a9f442a6d1c88046e5dbd2629b470e9e587c42e8695fb0bf99f98f39db134de404b0f14429b1c407f200268c662de9931148cf5d6ac1dbf6503264afb8302417a044cefe4cc8f0950ff3b662f70484b865565295673d8281cf3d1d39a6e77ee91d208b58f496c7a4f877a75f57c3b9774253c5f0d7f24b888ccedc67acba8658b62c78b9e49fc50b08db1cb39155e2076470ad8ffe9aed6f02a3e799320f9073f18e22d8314b5507a754f1efca8f7f8bf8974d1913a075d60a3b53b429e1309430c55c740e47527cac00add1f77fb03dcc07c7d7ce41b4d78287eac2c8271d8f9788d8ccf58bf77e4428e53aac61ac9c51d7a750e04dab1110bb6f0a06017526d65cf4ba28f6cd4c861ee55ca1061bc2a065e42385ccb13d6db366dcf820cb3d16cc68b8fdfa27a0b584a6c346383635d796533cc79887879c5ca03adaf56832ecec4473bcc1f63b4f4b8941635d71157665716ac001b0c01b5e3f74d4d88c5798344b964abf6bb20c456467b0ec418e9b49902924664770011466281caf84637a8d7f7f411bf35192eceb51e7f7f90aaf3b5d59d03feb0dfec7ccbe9d688fa40c20d835c8a3071217ce4c52df1af6f7991e8e61a8d04ba81bc764f1df16e40b5dc18c6b8f86efcbfd279479d2572c034be2dc231cb1f99af90a93688d0ff9ff63dd0549fd9ca338da904ce00e44aa7ec8d56dd7f605dd10df8b7b7fc5a8bb5eba0434ee35bfd2ef3aeab393dfb7877ee83a181cd822a7dc429ed0bc9433e0927ac0f85211007c64659d7644cbcd58299f496ece17cc2fae20798aa0ad0d5e13734fe3539d087259e713344262ba50e9fe7562f56cf65773529387b50064208082a3f12934e3ebec031abdabb37a80316a9a600859fe4df5a733ab6ed723e683eaa6ca8fe538f7f8e7f683f919c9774a1f06266a4c5134801fd716756a21c329d3130ee773692ff822b857d9667f6cf93986126655ca9b91fb3223c800bcaaccc62f3e7da3477e9eb61781a438bd94db0880dec376fdad7acce14a474c787a81e34f66ecb1095b14834b9ac05fe9304d595e1dcd4e005924683955c8d8b18cc993aca72c8f6828962a03e617ff1e811c55ce58b99f7abb052898dba102a0d18fb44600be7dce60b241f097097905ed0e082cfc7d3cd8a4d4f804ac2aca0aa44dfef155f6308343bfa9f2db86fa77f5398e7fec5cc07c4a163912111f627a41d8377b1d508dc1ea21b0ad71b0d3104a888c6182f4ddde02db26be06b0148f24ffc0663ac6476531c68f9c834ea81ed3494af94e88c70af2cd44d1d9d61b8b557f94a7c557ebc9d44baf6b4cb76e624f3601f7d7208c7dd54782ab41eadd5fc796c3403e1a3d1eed9f0dd35e36e3eaa8eec224a7abf467170d2b4ef58f83557cb30eff73a86440e6d507bb6053d07156a9794d195800e4778bca8de1770556b0e48b2ea7bed8187a16fb1a7f99ef57bb8e6796f7165967bd807abebd3c58dd95153bf45a896f828b422e962d8853f4d84c57cc4abc1d2441ff1c15b59b93a7e3947eafe4c109376cd85bf54c39c177dea990d711d55db0b185f630f946a3a6b76681634ca30950ba3d90b7441be0ee2314009159aabcee8df12a601327961c48dab74cd4c3605347b4edfc25f620e6cfb4dc7faccd67b8bf137256ff282b8d9780d0f2545e84424459d4de25decec2a91ceb12e0435b99f92677e9e4c3bd6ffca18bddb0f183f308bed814fcd857d656e7771f74e9edd7548135b568a91120d50c4d3ff86fca87b21b2a73c9473086936f34a2816af3fc84b15ccf77347bf51b4ac4dc13999e6e8554c15c8df8e2c8e9005a0cd04c60a5893a8d71159420faa079ae73b6cce97caf16ca3dc4dc88bf1f3b53d3a56a1e88c5dd30b568c29d262db0f39e5eb3c9ee9ab7daee76e6fa5f7f71cf76922c3dfa1024efb4f26ffa96d0d71dfcc9d7490bb93f3479807409c07bd2ee9287486b24339dc6e4243aecf787c48681c0b31a0c4e7ed7176014743499adf86f56d6c706f5478130fa66215dc4ac57085516c3f7c49c53cfd6f455752e8284649bb42a8792f485ab94b715af6ed3ffeb76b3beca8ab51ce315444fc181b4788b4620c3edfbb3ff7d25dad079c87360db3ce09d1ed0b08eebe29ccdf024c2d7a9f12b5e85b8f7e5641ecdbda9a3bbb9a88be377d5943af08982e4d2f7b703b32eea843848ee7895fd902157c3cea02335ce660b9602d65de42c633d0d2030a1fab32a4d59d646408be2ceeaf6c79adab6ebcb47e8928209c8050b76d70682382433aeb8b49dcf01bab41e56bf5d3fab823dead68c3c22207ef47aa8f48daf8135cd17238cef5a36297d0c0febeca5a1009e84de8ac0036e3029a9d532be49f2f6094937e3896bd259ef138bf7a93218d03322e158611d175b829ecb98c0760f32692fcc9a10b5941655df0e2f3988f2711b2bf3981aae66afdc7d610e1cdbd2a308caf949c4bf16381c73dea8c25e39e00e483fb40a85afc080bd92d3e6d949f34dbb4ef937f46227bb15fb8e4d92a4d00fe6fb75b9dc80724c49b7ff96c69cda7c9cbc680aaff37c1ceb9ac79d946b7a5946c2b10fdcd7015f12b9c60ecd6761b733c195c4605ce576722c06c680d66f599bb7ff31bf72b7f5921ff1df2ccb088c1bd1484c713c2da08cadc14f8bc5256840f5b68114b51932f969f1bd7b73ffec81e0f165efbecd9ade49ebd56c03d2e09dc73f33e8825b23192f8c4634791be0af495b53a437912f82ba9a69c75ef19d876472196ff6cc3c6d2eac6edd53b4bdc3d81e12a027f243ed7238f95776e2fb40847e651c19ee158767fddcdd1f13a4f5ef9d8c1e7551add71f5d373b79f01799a5edbfe18225447b091b8a40db782933735c184215bc0136add1fdb7323a4af91d2ad32e0278aa1bfc27814193c5c5581c0a5893d19e11d8f63fbec1475c003a9f633820f365b9f2de420878ea53326f8261e56a527f320033378f2154ce2f05f900878961f538ae58924012e91cc09db9b909c2649bebc251e36894bcaba6a54cda02e14a8e2caae6c5efda83b016f06090f55d0d8c2c31fd53e5b39d07a4f0cdc2951c2bd267ad1f7b047cf3c7f50905784cf1fa5871efa1468d906436b5e87828b83ed302dbc7114661509b33993db8734edc5a3d6a2604941810a9fba49c8de992f8df3590a6e6594db29dbb6f0d0e302a1c87739e10cf9bf11a78160f51a44f9e45bafb6a7bfd85809dc122fd0f8e2cd4dd80e7e374000000010d7c58b26e17cc4980ef20fec02bc3b7f534ef682b212a9535e63e34bec5b63cf3aa113e44d1294f5efc867b8db5f9ee163308e57836cad1573465cffaf18d6	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "001800083428F09A"	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1"	svchost.exe

C:\Users\Admin\AppData\Local\Temp\xxx.exe
"C:\Users\Admin\AppData\Local\Temp\xxx.exe"
1⤵
PID:3380

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
- Modifies data under HKEY_USERS
PID:936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads