4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91.exe
Size

775KB
MD5

6b7f58753e45ae8cde9092e7a3198900
SHA1

872dc0b0e103d08a32b683793b8c607ee674d1fb
SHA256

4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91
SHA512

01b9e1f1179bc0feb1dff4573648b5c34fc9dbbf179735502801641d87f0077f2a92327ac2e56e29053eabf0b1f3f81e145ad857001173d8240be22924fed6a3
SSDEEP

24576:dTmEu3moh1jkMnVZHklW08nfGWoxwwwcjngU:dCEuWorVnclW3eWawDcEU

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\AS2014 = "C:\\ProgramData\\RpD333lD\\RpD333lD.exe"	4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91.exe

C:\Users\Admin\AppData\Local\Temp\4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91.exe
"C:\Users\Admin\AppData\Local\Temp\4666ac1ec14feed1468f19af2058bcb41bdf9807fdd1150c602808443498fc91.exe"
1⤵
- Adds Run key to start application
PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-54-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1976-55-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1976-56-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1976-57-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1976-58-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1976-59-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1976-60-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download