1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e

Analysis

max time kernel
135s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e.exe
Size

71KB
MD5

666a4c429d4984a394f77318661d6f74
SHA1

8a6ef26963b2524cea8f23ce2551b8d8aa08a394
SHA256

1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e
SHA512

6c8627924f7abe2f70f28f4c112c874b000bcc4195795a953bc4db57a240698853a2f1533d42c1334c97130fe03875034129022f02da25ddace7fa488f434a6e
SSDEEP

1536:g6LieI1vDM5luuzMis/Pmhz6GXBCO3H4BA6YIUNl:geIuMisezZx1Hj6YISl

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a3a1aaababbbafe0abb6ab = "C:\\Users\\Admin\\eeua.exe"	1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e.exe

C:\Users\Admin\AppData\Local\Temp\1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e.exe
"C:\Users\Admin\AppData\Local\Temp\1db513f9d30bca4fc82e291b2fa1b1c480399173cb7f27d029d8872e76e85c8e.exe"
1⤵
- Adds Run key to start application
PID:4708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4708-132-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4708-133-0x0000000000030000-0x0000000000033000-memory.dmp

Filesize
12KB

Download
memory/4708-134-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4708-136-0x0000000000030000-0x0000000000033000-memory.dmp

Filesize
12KB

Download
memory/4708-137-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/4708-138-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download