15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 09:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe
Size

674KB
MD5

80fe214ab83d948e7452446a733c0667
SHA1

ffd52adc7aa39acb551ba89d5bc94ac24239b1cb
SHA256

15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39
SHA512

c1b0e91ca55c7ef79eca3806c57bef02c3c620dd6cfc972c5d7ccec054e74def5a13220fbc7ac61f026205d983af4029c34e8bdb90c69fd27ab20e438d84f36b
SSDEEP

12288:3Lz91JQHhqH6yx+ghefU1R90irPeHZOmkTtsh5kboHQeBA/Y7WEKQ:bzTJIqH6ygrU1pru8ajkbReBA/Y1

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\svohost = "C:\\Windows\\system32\\svohost.exe"	15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svohost.exe	15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe
File opened for modification	C:\Windows\SysWOW64\svohost.exe	15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe

C:\Users\Admin\AppData\Local\Temp\15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe
"C:\Users\Admin\AppData\Local\Temp\15f239210210848781b91ef6c196450d6c8b12986051891ab1d77f0d4300eb39.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1604-55-0x0000000000400000-0x00000000008A2000-memory.dmp

Filesize
4.6MB

Download
memory/1604-56-0x0000000000400000-0x00000000008A2000-memory.dmp

Filesize
4.6MB

Download