4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9

Analysis

max time kernel
8s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27/10/2022, 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe
Size

376KB
MD5

9c458c07ecf18ce7e1c87f4b58e064b9
SHA1

e068bc5ea6978d9292326376edade2ff3e82991a
SHA256

4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9
SHA512

b76d4fa04d50907669426773a347304631d07511a4dff1a8495e2ba30ef7c7446b87d72d45771dcd6072c42f02238e3ca06f48061920a5a5da0c96acb7a5297c
SSDEEP

6144:LD1U5qcLBstYzutk0s82UpRt8yQXs38gdq:LD1NgX0s82Upk0Jd

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2128	4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OatvEkami = "regsvr32.exe \"C:\\ProgramData\\OatvEkami\\OatvEkami.dat\""	4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe

Modifies registry class 2 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{07AC3B46-1DEA-4996-A7F8-141677A01C43}\#sd = 433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c54656d705c346463333161636533323431323835656539366366653635663534646336303065386437363437336638383964393134636137363365326637376335646364392e65786500	4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\CLSID\{07AC3B46-1DEA-4996-A7F8-141677A01C43}	4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe

C:\Users\Admin\AppData\Local\Temp\4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe
"C:\Users\Admin\AppData\Local\Temp\4dc31ace3241285ee96cfe65f54dc600e8d76473f889d914ca763e2f77c5dcd9.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
PID:2128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\OatvEkami\OatvEkami.dat

Filesize
250KB

MD5
db4efe1ecefb18857187379778d999d9

SHA1
7967e2c6cf0804b3ff324c7b027d18230de07bcb

SHA256
c74a9746ddb5ea2d63d3169d1569a5d89a27a0e9332ecfb94a0888d0fb1409ab

SHA512
023f8dbf08153bb46e8b92e47064c6a349893ae1f1bc5f3dfba5977517927d9cf716994a0791e9fb1d53120610306fc07254a34e8a0991245641996b5b887b34

Download Submit
memory/2128-135-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/2128-138-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/2128-139-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download