bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe
Size

228KB
MD5

0466d2a3679b02723cd789513e9d7548
SHA1

c82aa7945a8af6523777f92e866b8ca5b0a2b1b0
SHA256

bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e
SHA512

29914da14f1b87dd711f2f94de3b886528c246e975a4fc07f92de827e4beb3bc092bb557e79820f9fbd84df7df84c2c32c3099cf9223c283b8cbd3da72e0a6d7
SSDEEP

3072:G6sokUEvz4hCzOO9eXbwD9hd8rikqVNeC6tac7X3k3LMYVrKDRQn5xkNTTZx/7VD:wz4hqTD9zuiJVNeFa+Hk79rKSShZx/

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Win32res = "C:\\Users\\Admin\\AppData\\Local\\Temp\\bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe"	bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1472	bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe
1472	bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe

C:\Users\Admin\AppData\Local\Temp\bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe
"C:\Users\Admin\AppData\Local\Temp\bd1c0703066046a5e0431e28e041e0e4c820675a52bcae0c2d411a258c57263e.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1472

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1472-132-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download