e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096

Analysis

max time kernel
4s
max time network
10s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
30-06-2022 19:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096.exe
Size

611KB
MD5

415c1a6ab788cf624cb4e6654af3f99d
SHA1

b48d8ecadaaf4afb45b75b6b86ecaeab4de691e8
SHA256

e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096
SHA512

a7c438470010174d241fe59ca58bb61acc00965513d161f8b36f90261d8f98e64312d97a832f4c5cfffea0fe61b2d9ebe93a0678dfafb5351eac3d604763c169

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Windows Helper = "C:\\Users\\Admin\\AppData\\Roaming\\Windows Helper.exe"	e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096.exe

C:\Users\Admin\AppData\Local\Temp\e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096.exe
"C:\Users\Admin\AppData\Local\Temp\e3089b45284605971b1e621968a290fe37d5fba375ccbf83f14bd4b93a33b096.exe"
1⤵
- Adds Run key to start application
PID:4476

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4476-130-0x0000000000B10000-0x0000000000BAE000-memory.dmp

Filesize
632KB

Download
memory/4476-131-0x00007FFD42750000-0x00007FFD43211000-memory.dmp

Filesize
10.8MB

Download