928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3

Analysis

max time kernel
70s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe
Size

48KB
MD5

6f5e23fa4f86db7124e85aa317e946c0
SHA1

29a60cea185b2edf65b1223fc3a4be7e2fc74245
SHA256

928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3
SHA512

c63ec72f4942109fdab0ff78aaeb66833c36308ddb2dbb0fb90f9067c2f0b0d0adca44e475a23c5e06de1673591ef690e1ccf5a59fc943f91d7772271e1e91d8
SSDEEP

768:EUazIazT/cBQFzUAzG3DqzsYl2kBMITZKoZI:/szUAzG3MdBKoZI

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Java Update = "C:\\Windows"	928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
644	928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
644	928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe

C:\Users\Admin\AppData\Local\Temp\928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe
"C:\Users\Admin\AppData\Local\Temp\928cf0e4da583674f2c72d48118d883ffaf4b0f758ec012f25049c4deba4a1e3.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/644-132-0x00007FF98E080000-0x00007FF98EAB6000-memory.dmp

Filesize
10.2MB

Download