cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9

Analysis

max time kernel
112s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe
Size

286KB
MD5

0913caf97b6188824b36e81e720106e7
SHA1

1187925ca0be67ced1d43146d76c26491c3bc104
SHA256

cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9
SHA512

8492f77f5306627ba1af063f28cb3976bf1c43fcfe3d4e73cbd72d730f5cc2415376b4b12197e4fbb66c43e8489cfbfa553e833e5ae2ee7abfe6b60fb864ae47
SSDEEP

6144:sXjCP8bkNVWKNwELD73jpKc16emO+upduzrlAo2Q+fP7:sXjCP8bkNsKNwcD73jpKcYemO+DrlAo2

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\	cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysmon	cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\sysmon = "C:\\Windows\\system32\\sysmon32.exe"	cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\sysmon.tmp	cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe

C:\Users\Admin\AppData\Local\Temp\cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe
"C:\Users\Admin\AppData\Local\Temp\cc533de91fb6794d0f3c7acacffe445cc3b3a099bfe580a8ab7ad223ad021bc9.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4744-132-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/4744-133-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download