119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9

Analysis

max time kernel
139s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
04-06-2022 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
Size

27KB
MD5

09500e1ea7c6392c4e956a0afd9f30f9
SHA1

e9eb6ee535d09f049abb754db0071bed91599baf
SHA256

119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9
SHA512

b134046fd11a2b4a7c266015ffd94c84521a085990ef6c78909f5618823c4160e50adb05690b9350b9e38c0a1df7396c19359a8bb38950bc034b52ba2e2d6004

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows installer = "C:\\winstall.exe"	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

pid	process
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

Suspicious use of SendNotifyMessage 3 IoCs

Processes:

119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

pid	process
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
4304	119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe

C:\Users\Admin\AppData\Local\Temp\119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe
"C:\Users\Admin\AppData\Local\Temp\119c3521356bde66ed4de31c42a556c9f4e5460109c727d892d135ae520860b9.exe"
1⤵
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4304

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4304-130-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4304-131-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download