d11eafc2b57f14d9140c1b8b6e36748b8c2f77f25a9cc0700d103d00678f5147

General

Target

Details File Copy.exe
Size

974KB
MD5

b5464c82d6bd5268c38367beb9108ef0
SHA1

d4d10c50fa9dd4c6552fc5d784bc8cd3d990769a
SHA256

d11eafc2b57f14d9140c1b8b6e36748b8c2f77f25a9cc0700d103d00678f5147
SHA512

c6adb6d695813d8a32acee6774d22438fc8bacf905c88eec5c230b26a7bf20f578e501d5a8059964891df1d3469d864360fdf88dc23fc068af1e1dc0ddf203d4

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Details File Copy.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8BDFDCAA3D53E97D1940ED9FD6F8AD5D00EACD83	Details File Copy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8BDFDCAA3D53E97D1940ED9FD6F8AD5D00EACD83\Blob = 0f0000000100000020000000a7028b93aeeb88736b4c31672adc13d76a07f13eec230e098b6d988560458c4f0300000001000000140000008bdfdcaa3d53e97d1940ed9fd6f8ad5d00eacd832000000001000000f9020000308202f5308201dda0030201020210073421b2bd315caa4aa75fb9f86f400d300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303432393130303030305a170d3237303432383130303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100a70999e270175984af774b12da719c9536b539022abf420b6223456c88b1adf2615b9ccc196383a3181f68f9657ab40f13405b6a06fe4dfe3d0352dac1f0f138eb03a8d60aefe7e2b2e77b38f6ad2a64f8ee807c34861b4d12e65612055d60ca41908207c127d62178d4bbdd34430f7f0b647c2c333b77ac8e1689be17852331c1bd3e836dd656231ab112fa67501f1ffe3bbd1adc17325e442d22247be092fe51c0e32daa34653184e7d254f25358d104a4c7b15ff931d46bd7a7e800f91cf3aa89922fa7d98c6e93e76ad2391892a21afb32cacbd3aa26e205f8bce123f076517668596b833fd64ac38a63b40234d9ce4bb3bb08cb4aa295bc6966cd3613f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414cd7c6be15b815b8e3c4409e537c311309c7b322d300d06092a864886f70d01010b0500038201010087d2408a5a0d7a02136b84fd81d791a9d83485919135ac495d42dd38520577bb2592f492818192397db4ee723912d824c514887c3d7ae34c9b33cf3393db9b0549d2a8d84c2aed04a9731fd7670f2ea7ade92453231eac4b4a3e05256a800e933d70665c640a70718ce770e892cc0d0401d5039c6426d7fc3c9b456641d2e93f662b413197d063309915a6dd832aea728c2c149a3e40273cd7d985fd54caebee833c1e405ca8b1f3fd0bac7f8196022f308b8c8f3ac06d86f65ee3638862d8c793b31fce9435dbd9c630ef7928b093e414ed6c9925f989b076059f55e12a6cd6bfa5644c33d79cac98665b826cef1d719908fbeff276e6c7ff6e1c50b7215c84	Details File Copy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8BDFDCAA3D53E97D1940ED9FD6F8AD5D00EACD83\Blob = 140000000100000014000000cd7c6be15b815b8e3c4409e537c311309c7b322d0300000001000000140000008bdfdcaa3d53e97d1940ed9fd6f8ad5d00eacd830f0000000100000020000000a7028b93aeeb88736b4c31672adc13d76a07f13eec230e098b6d988560458c4f2000000001000000f9020000308202f5308201dda0030201020210073421b2bd315caa4aa75fb9f86f400d300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303432393130303030305a170d3237303432383130303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100a70999e270175984af774b12da719c9536b539022abf420b6223456c88b1adf2615b9ccc196383a3181f68f9657ab40f13405b6a06fe4dfe3d0352dac1f0f138eb03a8d60aefe7e2b2e77b38f6ad2a64f8ee807c34861b4d12e65612055d60ca41908207c127d62178d4bbdd34430f7f0b647c2c333b77ac8e1689be17852331c1bd3e836dd656231ab112fa67501f1ffe3bbd1adc17325e442d22247be092fe51c0e32daa34653184e7d254f25358d104a4c7b15ff931d46bd7a7e800f91cf3aa89922fa7d98c6e93e76ad2391892a21afb32cacbd3aa26e205f8bce123f076517668596b833fd64ac38a63b40234d9ce4bb3bb08cb4aa295bc6966cd3613f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414cd7c6be15b815b8e3c4409e537c311309c7b322d300d06092a864886f70d01010b0500038201010087d2408a5a0d7a02136b84fd81d791a9d83485919135ac495d42dd38520577bb2592f492818192397db4ee723912d824c514887c3d7ae34c9b33cf3393db9b0549d2a8d84c2aed04a9731fd7670f2ea7ade92453231eac4b4a3e05256a800e933d70665c640a70718ce770e892cc0d0401d5039c6426d7fc3c9b456641d2e93f662b413197d063309915a6dd832aea728c2c149a3e40273cd7d985fd54caebee833c1e405ca8b1f3fd0bac7f8196022f308b8c8f3ac06d86f65ee3638862d8c793b31fce9435dbd9c630ef7928b093e414ed6c9925f989b076059f55e12a6cd6bfa5644c33d79cac98665b826cef1d719908fbeff276e6c7ff6e1c50b7215c84	Details File Copy.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8BDFDCAA3D53E97D1940ED9FD6F8AD5D00EACD83\Blob = 190000000100000010000000a8355bdb761b1b8acb37320dbda0c5b10f0000000100000020000000a7028b93aeeb88736b4c31672adc13d76a07f13eec230e098b6d988560458c4f0300000001000000140000008bdfdcaa3d53e97d1940ed9fd6f8ad5d00eacd83140000000100000014000000cd7c6be15b815b8e3c4409e537c311309c7b322d2000000001000000f9020000308202f5308201dda0030201020210073421b2bd315caa4aa75fb9f86f400d300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303432393130303030305a170d3237303432383130303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100a70999e270175984af774b12da719c9536b539022abf420b6223456c88b1adf2615b9ccc196383a3181f68f9657ab40f13405b6a06fe4dfe3d0352dac1f0f138eb03a8d60aefe7e2b2e77b38f6ad2a64f8ee807c34861b4d12e65612055d60ca41908207c127d62178d4bbdd34430f7f0b647c2c333b77ac8e1689be17852331c1bd3e836dd656231ab112fa67501f1ffe3bbd1adc17325e442d22247be092fe51c0e32daa34653184e7d254f25358d104a4c7b15ff931d46bd7a7e800f91cf3aa89922fa7d98c6e93e76ad2391892a21afb32cacbd3aa26e205f8bce123f076517668596b833fd64ac38a63b40234d9ce4bb3bb08cb4aa295bc6966cd3613f90203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414cd7c6be15b815b8e3c4409e537c311309c7b322d300d06092a864886f70d01010b0500038201010087d2408a5a0d7a02136b84fd81d791a9d83485919135ac495d42dd38520577bb2592f492818192397db4ee723912d824c514887c3d7ae34c9b33cf3393db9b0549d2a8d84c2aed04a9731fd7670f2ea7ade92453231eac4b4a3e05256a800e933d70665c640a70718ce770e892cc0d0401d5039c6426d7fc3c9b456641d2e93f662b413197d063309915a6dd832aea728c2c149a3e40273cd7d985fd54caebee833c1e405ca8b1f3fd0bac7f8196022f308b8c8f3ac06d86f65ee3638862d8c793b31fce9435dbd9c630ef7928b093e414ed6c9925f989b076059f55e12a6cd6bfa5644c33d79cac98665b826cef1d719908fbeff276e6c7ff6e1c50b7215c84	Details File Copy.exe

C:\Users\Admin\AppData\Local\Temp\Details File Copy.exe
"C:\Users\Admin\AppData\Local\Temp\Details File Copy.exe"
1⤵
- Modifies system certificate store
PID:936

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-54-0x00000000755C1000-0x00000000755C3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing