b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63

Analysis

max time kernel
149s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe
Size

930KB
MD5

a1160819430b5123db01aaecaa7c0620
SHA1

a4e8078f48df3f020c675089bf75b02e640a210c
SHA256

b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63
SHA512

f00959293742011bff5f7d285d88e18895a97d5e0fbde0009b0152f631fe9cd6a97e05db3c5e93a891a88fe4debbd13051ee8e4d0c5d9c8d7c01ba1f7384498c
SSDEEP

12288:mLtE7RaXzmiFYM7Uyj2LYeb+v9Ld7Q2GaWGaZOinO/icrRESu5Is7lwd:StE7Ray4YGUyj2LYeGRxVWGon0Sbwd

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\System-Service = "C:\\Windows\\SYSTEM\\EXPLORER.SCR"	b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SYSTEM\EXPLORER.SCR	b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe
File opened for modification	C:\Windows\SYSTEM\EXPLORER.SCR	b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe

C:\Users\Admin\AppData\Local\Temp\b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe
"C:\Users\Admin\AppData\Local\Temp\b8a637b7cc581f4347e79100f86f85dca6ab696a64bf74bff54692d827fd5e63.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1372

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1372-54-0x0000000075921000-0x0000000075923000-memory.dmp

Filesize
8KB

Download