resource	yara_rule
behavioral1/memory/1976-55-0x0000000140000000-0x000000014005B000-memory.dmp	upx
behavioral1/memory/1976-69-0x0000000140000000-0x000000014005B000-memory.dmp	upx

pid	Process
1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe
1284	Process not Found

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	UVK_en64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	UVK_en64.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	UVK_en64.exe

description	pid	Process
Token: 33	1728	UVK_en64.exe
Token: SeIncBasePriorityPrivilege	1728	UVK_en64.exe
Token: SeRestorePrivilege	1728	UVK_en64.exe
Token: SeTakeOwnershipPrivilege	1728	UVK_en64.exe
Token: SeDebugPrivilege	1728	UVK_en64.exe
Token: SeSecurityPrivilege	1728	UVK_en64.exe
Token: SeBackupPrivilege	1728	UVK_en64.exe
Token: SeImpersonatePrivilege	1728	UVK_en64.exe
Token: SeSystemProfilePrivilege	1728	UVK_en64.exe
Token: SeAssignPrimaryTokenPrivilege	1728	UVK_en64.exe
Token: 31	1728	UVK_en64.exe
Token: SeTcbPrivilege	1728	UVK_en64.exe
Token: SeIncreaseQuotaPrivilege	1728	UVK_en64.exe
Token: SeShutdownPrivilege	1728	UVK_en64.exe
Token: SeRestorePrivilege	1728	UVK_en64.exe
Token: SeTakeOwnershipPrivilege	1728	UVK_en64.exe
Token: SeDebugPrivilege	1728	UVK_en64.exe
Token: SeSecurityPrivilege	1728	UVK_en64.exe
Token: SeBackupPrivilege	1728	UVK_en64.exe
Token: SeImpersonatePrivilege	1728	UVK_en64.exe
Token: SeSystemProfilePrivilege	1728	UVK_en64.exe
Token: SeAssignPrimaryTokenPrivilege	1728	UVK_en64.exe
Token: 31	1728	UVK_en64.exe
Token: SeTcbPrivilege	1728	UVK_en64.exe
Token: SeIncreaseQuotaPrivilege	1728	UVK_en64.exe
Token: SeShutdownPrivilege	1728	UVK_en64.exe

description	pid	Process	procid_target
PID 1976 wrote to memory of 1096	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	26
PID 1976 wrote to memory of 1096	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	26
PID 1976 wrote to memory of 1096	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	26
PID 1096 wrote to memory of 1116	1096	cmd.exe	28
PID 1096 wrote to memory of 1116	1096	cmd.exe	28
PID 1096 wrote to memory of 1116	1096	cmd.exe	28
PID 1976 wrote to memory of 1488	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	29
PID 1976 wrote to memory of 1488	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	29
PID 1976 wrote to memory of 1488	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	29
PID 1488 wrote to memory of 1392	1488	cmd.exe	31
PID 1488 wrote to memory of 1392	1488	cmd.exe	31
PID 1488 wrote to memory of 1392	1488	cmd.exe	31
PID 1976 wrote to memory of 1728	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	32
PID 1976 wrote to memory of 1728	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	32
PID 1976 wrote to memory of 1728	1976	072087ec3b8be885fd82335ca0f6a831003679763eb3fd472fab01deb510f0af.exe	32

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.