49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9

Analysis

max time kernel
107s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9.exe
Size

52KB
MD5

69d24cbe0ec96d6aa186a1a1f8a19c97
SHA1

484d029fd54062a82b110adc28a80459c14b334a
SHA256

49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9
SHA512

d0b91b8af863e93ea5e05e031e7f504910e7f95176a01847b6a10169a4dd42176fd82e03807ed5a737222f9d8a00bca816acc18f05c22c516e31a516501a73b4
SSDEEP

768:hOJmRj6jGKrmFf3WiwT9us4cjBfsE6h4zimz2fwCqZzAFdH0jTn/4Sudt:QK+1WfG1BfOhP+2JqZsFuHn/4z

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7e7c7776627e7f3d766b76 = "C:\\Users\\Admin\\AppData\\Roaming\\eqml.exe"	49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9.exe

C:\Users\Admin\AppData\Local\Temp\49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9.exe
"C:\Users\Admin\AppData\Local\Temp\49098581f433d2138dcbe0ceacb035303c8f3106a834534c11020ba990dedcf9.exe"
1⤵
- Adds Run key to start application
PID:4828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4828-132-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4828-133-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4828-134-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download