1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c

Analysis

max time kernel
146s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 21:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe
Size

388KB
MD5

84be3ba7615a82a4be0ebf2100b5cf10
SHA1

a1b7c8c10cbb394686739ba8e586cf514ba40ef8
SHA256

1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c
SHA512

610cf52e7d7fe0ff1479ae84e132074b4a87e9acb224013c774115fed303042494cb409eeec23d9ddf710ae3c169b746f5cb5c7ab491f4d911925cca49e50938
SSDEEP

6144:uKYCLBGIAxm/EunFUdb+2zW/uAci+eXIk4ZGcEXnReQse35S8dH6G1N7WIhkwjGU:uQ9BEuF6Kl/uAcihIjYcXe35FN7WIdGU

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ssp = "\"c:\\users\\admin\\appdata\\local\\temp\\1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe\""	1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4060	1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe
4060	1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe

C:\Users\Admin\AppData\Local\Temp\1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe
"C:\Users\Admin\AppData\Local\Temp\1a5b701dd72cf06e609c8b19a84e43339cadcacee5fde6073b95d95dd19ca24c.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:4060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-132-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4060-133-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4060-134-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/4060-135-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download