2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c

Analysis

max time kernel
121s
max time network
73s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe
Size

21KB
MD5

0c31d165437bb7a4fc077ad1484d7119
SHA1

3c99b130d5963a06db758628ad53eddc1d314ab1
SHA256

2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c
SHA512

137e62a4575e0b4787b640a78d7a56a9f0f76e6d4b0ea959ca2e6f50ce0fe7971425a6bed458a18d1da9a07f41ccf1386c61c80c3b1afd9f7649bb4769305cf1
SSDEEP

384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzU60GeA:SCIqdH/k1ZVcT194jp4bzA

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4900-132-0x0000000000800000-0x000000000080D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe
File created	C:\Windows\lsass.exe	2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe

C:\Users\Admin\AppData\Local\Temp\2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe
"C:\Users\Admin\AppData\Local\Temp\2d4599c05237bb94223280c60efaea7f2d56a907927dd532c86736ca59891f2c.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:4900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4900-132-0x0000000000800000-0x000000000080D000-memory.dmp

Filesize
52KB

Download