2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb.exe
Size

251KB
MD5

90163b821a2f5f9be89f72609c19a8f0
SHA1

6569fd13b3d9f35cece29a559ceac565b471f764
SHA256

2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb
SHA512

aa6cf3cfb60caf55a29ea7942be87ec848e54de68985232c26b7a36d0f37c2cb099e3a2621c0f325341a81e81511376e2e43e8417f3b4ab90ffca49c0c686205
SSDEEP

3072:GEH+GiEs2SMylNOjyFbxJB5qp23VWh1CegeySfBFIDtgLE0zazoI7h+aS1Go:GsehzRFGksy4GgYZzo0naGo

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb.exe

C:\Users\Admin\AppData\Local\Temp\2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb.exe
"C:\Users\Admin\AppData\Local\Temp\2fe9ed9f3d62f7961f4a1c9bcef294c76a5e9529d72cb38f59a6165d58744fdb.exe"
1⤵
- Adds Run key to start application
PID:620

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/620-54-0x0000000001000000-0x0000000001042000-memory.dmp

Filesize
264KB

Download
memory/620-55-0x0000000001000000-0x0000000001042000-memory.dmp

Filesize
264KB

Download