89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066

Analysis

max time kernel
132s
max time network
147s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066.exe
Size

776KB
MD5

8444768d6721a8c778783f34b3949dc0
SHA1

1f208352d804c728d7f49eb8deae725c73d4517e
SHA256

89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066
SHA512

ca75f04f0526ef71f0c0ff8f41eb1820465208f0e01795e1f15e4bd3defa4b70999f9ae1a00c72934dd76356354d2a00560f62266d75c2a95ee30a44f371d515
SSDEEP

24576:zXWfdwxNPYOL0JmBn14gpy13bffKE6Bpx0rHL:TWfdwbYmCmB14gpofC

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\AS2014 = "C:\\ProgramData\\DvrUnWxp\\DvrUnWxp.exe"	89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066.exe

C:\Users\Admin\AppData\Local\Temp\89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066.exe
"C:\Users\Admin\AppData\Local\Temp\89331ad83208dcbc967498ce0e0686c580eb25c3aace0e03e6ffefc1fef96066.exe"
1⤵
- Adds Run key to start application
PID:1204

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1204-54-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1204-56-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1204-57-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1204-55-0x0000000000400000-0x00000000004C6000-memory.dmp

Filesize
792KB

Download
memory/1204-58-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download