def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918

Analysis

max time kernel
155s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
Size

569KB
MD5

802d564c270943565360ab3058c6a690
SHA1

d8bda2148e740579c96ebe2421b63f5d692c2c1d
SHA256

def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918
SHA512

a499d4c88ede8491a731860c53922fc1083c29083fec8b6fcbab27cc1cd92faf57e4b7269be1a58cdf155821f23f0ff66a3737b2de5905810f01db91d7cae877
SSDEEP

12288:ji8l1vGkvn6WIi9aDhoFPp37jtHslw7QS27dNTac:e8dd6WIioDh+PzMlAuDTv

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Sound = "C:\\Windows\\Sound.exe"	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Sound.exe	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
File opened for modification	C:\Windows\Sound.exe	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
1788	def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe

C:\Users\Admin\AppData\Local\Temp\def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe
"C:\Users\Admin\AppData\Local\Temp\def22cfc787e93dea23b878f6156132c4e2e2d5bf9cd9d806e181cd5c4248918.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:1788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download