aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d

Analysis

max time kernel
39s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe
Size

68KB
MD5

67ef4e24a21bfb31d5ea03bc130de63a
SHA1

582b82da6ad0635f40f38fcdfdf3f9eb5f610fd5
SHA256

aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d
SHA512

9da22a2eaaca74aba814f9c8ac6fd5263a5fca183b2ec06d456b8ac8e49d5f3e4cf016558fc103fc8af73984c82d970c29afa6af43bb462b27d026579b918219
SSDEEP

768:Zc9liTdyyAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:G9Ix9AcqOK3qowgnt1d

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2464	aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe

C:\Users\Admin\AppData\Local\Temp\aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe
"C:\Users\Admin\AppData\Local\Temp\aaa964789a07397261d49464d08f16170566b470033624cbf850a21e23b0633d.exe"
1⤵
- Modifies visiblity of hidden/system files in Explorer
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2464
- C:\Users\Admin\Admin.exe
  "C:\Users\Admin\Admin.exe"
  2⤵
  PID:4344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Admin.exe

Filesize
25KB

MD5
866def71101f353699f6dc941f4c12d0

SHA1
8c70d35b753452dd4dbcadf089b540da7ad451d0

SHA256
f9c61627f934020956e744d95a3c5dc44b24cc25ef81cd50f0fe6265c47f4300

SHA512
377e627bddc14c5d033457dc840b2e26c3e487f5429cabcf98b1f53758463f16b78de4991251fb8e9a3dd5ebe09885ce7461ae5812f5b196a2d829eeeaef8775

Download Submit
C:\Users\Admin\Admin.exe

Filesize
32KB

MD5
4656e0906855fc1ce1a57cb1bc88d8fd

SHA1
88def30a661bb321e8fedf69fdf6a9f99b823fcd

SHA256
89749385180c77eb26acfdcb9478cbb4501d6991572411b0059f92f82ae01642

SHA512
dda80872462fa64f058db610cd185705fb6b4031d985824c3bc17475882ce7b18f645ff31d4465d12910305f50a4d1fb46af1dbc7292e17a9dc93e310629f1bd

Download Submit
memory/2464-132-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4344-138-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/4344-135-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads