3ca3364bacc38346dd777c8f90de705fd01c008161c4d1fa149ccf1b6205bbfb

General

Target

Document.exe
Size

986KB
MD5

9bfee233b1eb08709245723a8a67bd58
SHA1

d2e1024fe896e61f3256ea1980fbdb34b493e959
SHA256

3ca3364bacc38346dd777c8f90de705fd01c008161c4d1fa149ccf1b6205bbfb
SHA512

9c8818c7694616130318f9b854d09777c6168c7c5d19d83269de4cbb22f6e60da081337bc0bb7eda9c9e52c171bbda1cda3959fa2a7e5001674bdaabc2972afd

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

Document.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\707C840D3EAE220C498B10EC1B0FC1F964FEAE78\Blob = 1400000001000000140000004396b0e0ce3c960a4d72b9b59b4f9865bd29d35e030000000100000014000000707c840d3eae220c498b10ec1b0fc1f964feae780f000000010000002000000051fa605090389bd0d08468ed5ad1a6220b00f51f5cf90ec5d5c7cb15896915562000000001000000f9020000308202f5308201dda00302010202106266da82175bfe468f1a06235439f7f3300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303731353133303030305a170d3237303731343133303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100dd09c530f67ea100e0d279c4c60fe2858c8514537447f6c65dcde0691c8254fdf6696052767f39d59c6fffc2123f08c41e6b14650a35a2c55ed75de57a889aa4592781ff7985df30d529b35c4c883b6623eee9672d7f86f8be07b1e327e73405aefba4740434e92ccfb2555b0e7679ab1ebaa7c964105c44d2585862742d886c04a4cc163911c207acd990db240fda27d2d95dc43b8728b9ac5fba1428a5c6216607b3edb0285f2cecb849537b3327a46637c8266086fb27affbdf34e33596f86b4165102faf06b5d9cdb413a555ee819a1dbeff13aa8d4811bad69c99bfc0f2c60948daf60b168739843dcff74f37625142eb7bc17dfb1cd525ccc953a4d65f0203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e041604144396b0e0ce3c960a4d72b9b59b4f9865bd29d35e300d06092a864886f70d01010b050003820101002dc480557e6e5d4a0f36ad530f29723bb5b4ee1e349243138bb592f42c9eff07b49c671910597b6efd2b97fba04aa5fcc8f6d90f6116b38d30e79bc461352cb4ba7813a8cba0e9bdd6129bc45e2f613a493f4a4795a11417f32e10ad252f495ab641e74ff88d4777be6c1c6f983e56529692599225f238bacaf3066e011ef9af6b9363eb88915902875e443857fb1a6bda6c706f8ff192eba911cf30a0ba03f63aed6a6fe55ebb7620f0b6a7c2fd9cd8b11af1eea59b4f9bf014350a71fcf33f2268ac1f2ea77b03186f4d9f63c12456bfbdf47423ab8bdc9c7b7b7abdaf567ca1b3e5ce52fe3527c5ffff6e75a3c2068d02b3da7e322bbbc79db9114f9fc690	Document.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\707C840D3EAE220C498B10EC1B0FC1F964FEAE78\Blob = 190000000100000010000000cb84a92953f3ece5b106bffb79ee43450f000000010000002000000051fa605090389bd0d08468ed5ad1a6220b00f51f5cf90ec5d5c7cb1589691556030000000100000014000000707c840d3eae220c498b10ec1b0fc1f964feae781400000001000000140000004396b0e0ce3c960a4d72b9b59b4f9865bd29d35e2000000001000000f9020000308202f5308201dda00302010202106266da82175bfe468f1a06235439f7f3300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303731353133303030305a170d3237303731343133303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100dd09c530f67ea100e0d279c4c60fe2858c8514537447f6c65dcde0691c8254fdf6696052767f39d59c6fffc2123f08c41e6b14650a35a2c55ed75de57a889aa4592781ff7985df30d529b35c4c883b6623eee9672d7f86f8be07b1e327e73405aefba4740434e92ccfb2555b0e7679ab1ebaa7c964105c44d2585862742d886c04a4cc163911c207acd990db240fda27d2d95dc43b8728b9ac5fba1428a5c6216607b3edb0285f2cecb849537b3327a46637c8266086fb27affbdf34e33596f86b4165102faf06b5d9cdb413a555ee819a1dbeff13aa8d4811bad69c99bfc0f2c60948daf60b168739843dcff74f37625142eb7bc17dfb1cd525ccc953a4d65f0203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e041604144396b0e0ce3c960a4d72b9b59b4f9865bd29d35e300d06092a864886f70d01010b050003820101002dc480557e6e5d4a0f36ad530f29723bb5b4ee1e349243138bb592f42c9eff07b49c671910597b6efd2b97fba04aa5fcc8f6d90f6116b38d30e79bc461352cb4ba7813a8cba0e9bdd6129bc45e2f613a493f4a4795a11417f32e10ad252f495ab641e74ff88d4777be6c1c6f983e56529692599225f238bacaf3066e011ef9af6b9363eb88915902875e443857fb1a6bda6c706f8ff192eba911cf30a0ba03f63aed6a6fe55ebb7620f0b6a7c2fd9cd8b11af1eea59b4f9bf014350a71fcf33f2268ac1f2ea77b03186f4d9f63c12456bfbdf47423ab8bdc9c7b7b7abdaf567ca1b3e5ce52fe3527c5ffff6e75a3c2068d02b3da7e322bbbc79db9114f9fc690	Document.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\707C840D3EAE220C498B10EC1B0FC1F964FEAE78	Document.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\707C840D3EAE220C498B10EC1B0FC1F964FEAE78\Blob = 0f000000010000002000000051fa605090389bd0d08468ed5ad1a6220b00f51f5cf90ec5d5c7cb1589691556030000000100000014000000707c840d3eae220c498b10ec1b0fc1f964feae782000000001000000f9020000308202f5308201dda00302010202106266da82175bfe468f1a06235439f7f3300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3232303731353133303030305a170d3237303731343133303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100dd09c530f67ea100e0d279c4c60fe2858c8514537447f6c65dcde0691c8254fdf6696052767f39d59c6fffc2123f08c41e6b14650a35a2c55ed75de57a889aa4592781ff7985df30d529b35c4c883b6623eee9672d7f86f8be07b1e327e73405aefba4740434e92ccfb2555b0e7679ab1ebaa7c964105c44d2585862742d886c04a4cc163911c207acd990db240fda27d2d95dc43b8728b9ac5fba1428a5c6216607b3edb0285f2cecb849537b3327a46637c8266086fb27affbdf34e33596f86b4165102faf06b5d9cdb413a555ee819a1dbeff13aa8d4811bad69c99bfc0f2c60948daf60b168739843dcff74f37625142eb7bc17dfb1cd525ccc953a4d65f0203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e041604144396b0e0ce3c960a4d72b9b59b4f9865bd29d35e300d06092a864886f70d01010b050003820101002dc480557e6e5d4a0f36ad530f29723bb5b4ee1e349243138bb592f42c9eff07b49c671910597b6efd2b97fba04aa5fcc8f6d90f6116b38d30e79bc461352cb4ba7813a8cba0e9bdd6129bc45e2f613a493f4a4795a11417f32e10ad252f495ab641e74ff88d4777be6c1c6f983e56529692599225f238bacaf3066e011ef9af6b9363eb88915902875e443857fb1a6bda6c706f8ff192eba911cf30a0ba03f63aed6a6fe55ebb7620f0b6a7c2fd9cd8b11af1eea59b4f9bf014350a71fcf33f2268ac1f2ea77b03186f4d9f63c12456bfbdf47423ab8bdc9c7b7b7abdaf567ca1b3e5ce52fe3527c5ffff6e75a3c2068d02b3da7e322bbbc79db9114f9fc690	Document.exe

C:\Users\Admin\AppData\Local\Temp\Document.exe
"C:\Users\Admin\AppData\Local\Temp\Document.exe"
1⤵
- Modifies system certificate store
PID:1988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-54-0x00000000761D1000-0x00000000761D3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing