fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6

Analysis

max time kernel
8s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28-10-2022 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Size

72KB
MD5

0b41e5ee73e9381ba8c95e87473b46dc
SHA1

8f0693ed1bd53a5075cde88940b83a10e90f21b8
SHA256

fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6
SHA512

13d58fbb5fafcaefc4c995ccdcbb67bf556dea782056b9b34bcadbdaf214c4b5202fc0c1e6677a5f90302db80debff471be24b1bbcf9af40560e8f0765c061fd
SSDEEP

384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2D:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrv

Score

10^/10

evasion

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5036	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe

C:\Users\Admin\AppData\Local\Temp\fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe
"C:\Users\Admin\AppData\Local\Temp\fecda076cf9680b2cf7b61501f8b987a3edd3f7e59ad1d165528a18b761001f6.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Disables RegEdit via registry modification
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:5036
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\
  2⤵
  PID:4868
- C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe
  "C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe" C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\
  2⤵
  PID:364
- C:\Users\Admin\AppData\Local\Temp\Low\backup.exe
  C:\Users\Admin\AppData\Local\Temp\Low\backup.exe C:\Users\Admin\AppData\Local\Temp\Low\
  2⤵
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe
  C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\
  2⤵
  PID:1104
- C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe
  C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\
  2⤵
  PID:2024
- C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
  C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
  2⤵
  PID:4928
- C:\Users\Admin\AppData\Local\Temp\3996922988\backup.exe
  C:\Users\Admin\AppData\Local\Temp\3996922988\backup.exe C:\Users\Admin\AppData\Local\Temp\3996922988\
  2⤵
  PID:4972

C:\backup.exe
\backup.exe \
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3996922988\backup.exe

Filesize
14KB

MD5
a893811ac581a0a82ca5821ba4415377

SHA1
22d093f4cd6850254b01814f8bb86d96c2026b0c

SHA256
28cc0aad1333a740b6e3aff4450dd75f747eabde4363a9c4185b81301e216520

SHA512
eed362a744d1aade70b9b6f968928f77d137576cd919c0548849809bbea85ca02b745aa7a2445a3a35bdbcaf762b53e3a119ecccefb1d29f65e04d86a6f0fa02

Download Submit
C:\Users\Admin\AppData\Local\Temp\3996922988\backup.exe

Filesize
18KB

MD5
129c6957c0df531fe802f475b308bc2d

SHA1
c9a7824d089f9b1100199131a63c4dec6931b792

SHA256
74259e88337749bcf525922d006a2f7bd45a2982bf83420de45f4f9910983ebd

SHA512
3ea7c08decfb90993089d1988547b90b1d796d2307f15e9bf6b9f381bdc7601e0697b0da6c797375d795fcea9cfb9f3b7137138b92bc28c94fad596571841abf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
24KB

MD5
c4ca73fe20a276d9cca355e6364c7f1e

SHA1
623eeb270ebe62d5e9a27ae4055dd3a4f5ec893b

SHA256
e40f8570395d2d89a42917d91a0aa45c8f8c517bf016b81febba63341acf8d49

SHA512
a401bb17025971b4d9d9573962e7c89d94d1c8812673c18aba26f8913ca3d33af5cbe2ad530b685139eb3c0f5c3af011b980ef6f398cf0cd7b58abd29e993a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Low\backup.exe

Filesize
35KB

MD5
7ad50843bc4a983f53dbb60ae210a5c9

SHA1
2aff36a35cbbe7d440edc7c8d9b4cace322714cb

SHA256
b45e3bdced4c850360238c88cb8eca59001cc378e8446adc04b2f1a4dd1852de

SHA512
11a0a7f48fc667e261b9d609796db830479f4d1e996fb4fdff0349e90f60b2059a8b9ae5e3656d4b1b7b3062d2c34f2fb5cf3c13c68d3527de1f36f05c0913f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

Filesize
18KB

MD5
689677a7e9649661696e68c6162ddee9

SHA1
dd67234efab570ecc154d3d2d99c0aff59f09558

SHA256
af9b8b1a314c238267851cd89d3a239a1db15a5cd0754137553c1b92edcd1621

SHA512
3ad72a7155fb5f7088d5dd491490cae6d18481ac68aa2a9249ee18d412ce1a80a094f04085805620926d84cd3524e9642b3e645fd293bf9bda353767e96cae51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x64 Redistributable Setup_10.0.40219\backup.exe

Filesize
27KB

MD5
9b878c61d77a77fd2eb56a5bbbda05ba

SHA1
7f80d61c04fcac17f3eeffec9cca5f61a0cc3509

SHA256
d936c31abb3c333292017e9f663f497fe2c2339e689c9172f3649234820a600e

SHA512
3354b7f7515ea0e377b21cf64cb47ab66c86980a4a37e46ab449a6369b133be726a835cecb734784e4b3e3a78eb7f7a47d877b88432af2174e592705f42c380a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

Filesize
32KB

MD5
55d8480304dc5524fbf65fa708b158e8

SHA1
018acb045ce943bb2b73a991b477e499e13091f4

SHA256
07a3fb0184adb80122a6a793bde38f0bd9e82ceea50b075211baccfd6cb20d3e

SHA512
702bc5561cf5497951b0ced5f29ac05c4d0952ca54dd6f4e5349df514904bddf68261ea66d815745bb9a7110c2437227d70318184b9eb7bd9ff74ae3370df3f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219\backup.exe

Filesize
34KB

MD5
0c078d837dcf928075a6622dd6673bce

SHA1
330d57f489d9e73f2e26be37f13643f94a3239f7

SHA256
784892c48f4db6e2d9e74ffaea5086f1cacf3c954dfcc600377c3896114c4aa1

SHA512
761a3b79fce104fa6af9003610861ff12abefdca90935bf096fca69a345f1544b6031f20858e73053c737789cf7492b6aff6f833d0114d0c094bb61f6e449dfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe

Filesize
38KB

MD5
5cc02e57cfa16fcce93ddd3674811bd4

SHA1
9d0a1a112fe87ca1bdd212a582ed61a6ecce2097

SHA256
f03d729b18790e08cd207dc5cab3e740784e7b88c8312878001b9bdf085460ab

SHA512
6e2e29b2b99c5679a169a608ae8d6c1eb0f507e3e5d249f72034fc8484a518a9215a119f91c1f5f884b8635225c722ac517bed222d9737eb6867fdd966496fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe

Filesize
38KB

MD5
0aedc72ca40b7f2b69689a8af0cabb0d

SHA1
ccfe5601f355fb8d6cf191bb6342500668af18f2

SHA256
b634ff49ad5720abe21735c8efbfb257be9eac2d5fc80256992d8d9037c7a8bf

SHA512
33ddb17bcdff7c7a5ba3c59043981b6e8aa89c221909a3d5bf8549cf5d5c832a98ad2a4624d9791e15f9e1a38b25789c1e7cb6cac91767f40b903d0abe8414ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

Filesize
46KB

MD5
035c992d8d2606dfbce5abdbefc42971

SHA1
84041b691dbb54bd0abad82d634e0792bfbb8664

SHA256
8bfa5f7eefb1c22faa044ac87b2f12fa9354654b9a7e8f8b8ee6d13f2ca15463

SHA512
29c519a69e2abc029abf10fc8ab61b34e4b1574af03fc5da3a19d8912476d5ac9950a197a9cfb51545d1d8164bb4fa77c208f2d4942835f01ca0a339f320da32

Download Submit
C:\Users\Admin\AppData\Local\Temp\hsperfdata_Admin\backup.exe

Filesize
50KB

MD5
0d9d7831c863f861d1bc0896fba7c704

SHA1
cf0ad4916ec0e5ac3c84882652bcb2d62545cab9

SHA256
b8462c073bfe430c00ec9362ace9a3e5a244728084e2f5f2d32081dfd8612727

SHA512
f33ee55a4b8c190259188947f1eec76df379a0a01a86991c014ac50f79612e45ef776cbdcba8b4d11b4818018395a5bb3f8506cb460353ba46b77ac832850508

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

Filesize
28KB

MD5
60e9c4a5f15927d7899d16f1c487a034

SHA1
6875c2e6510250d0228deb10b5c6798e4acb730a

SHA256
be05f30a7d1070894208c3c0d1ff3d3acd5f5877ad992180a8a45595f9dea7fd

SHA512
a9b890f75751536df5c537d4520482f7ef97cc2173c8324670ae826235c3d89b2e7029ffde4e02f694366992e6e283f265e5eb8b10289321eb44515f7ef43d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\backup.exe

Filesize
46KB

MD5
01133d3644608d28a62ffd3e29c57d3f

SHA1
bc047b576f0d1efbbdc0e9ee07f8b4c4d348c562

SHA256
aaaa95db458c9b8a4109b1e81d697da0e5312d9edb19a5167b25e96e5965d1e1

SHA512
9fe9466a37011fd4977aeb696943f84f39db24c79ac9d350932f330be4644e8d20ac2e55204358d19798b05436e31416bc23e167f692932d4bf73b348093fe7a

Download Submit
C:\backup.exe

Filesize
16KB

MD5
0950c2d6280d2175f0983d2b3c7b4710

SHA1
9fbd448b7a87fe30905dcb4ca7a1b6aaf4d20962

SHA256
01a8d035205f461cdbe6dd69b5716f551d5608fc5862b181d6fd4f706654cce4

SHA512
f438dff43750546faa721035649cd4d644768eb9774b6c1f83a212a06b87426ea1702147d08c1da02c4939ed82efd2d4a25763aac0aa69cce76a109fefdeb363

Download Submit
C:\backup.exe

Filesize
47KB

MD5
57852b5e50c646166daec23df8d2acae

SHA1
6f8310ed561b02f28521c4392b366d1034f00515

SHA256
7198c7fdf8dbe520540eff3797523f090aeab061d8303cac77eeb046169fe3da

SHA512
0dd9be3d28339627388150d5f5b4d94887d6083bb4f378d1f53e52bdf0162023454e6d1ea3932664080962ab11f3f6f8688205221adf37ca10bf3ba52f5a1361

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads