12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8

General

Target

12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Size

871KB
MD5

c8010b26aa052bac713ea66b57235a6c
SHA1

e8c2dad792ae8692f9664c1f80d0b5db71524fc8
SHA256

12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8
SHA512

1d9025602a8c795da558b55509a666aefd62d319da0e67473ccf604db9ebba4c0acd6c643e96c6f6bc0596c01438b7b295f95dd1f9ccea146784b4f21a5e65c7
SSDEEP

24576:T0duchXQlHX5Nr6EfGm+aLivxBZpIBKTqNwZDJU:T0dFhXEv6EfVsxT7Tq6ZFU

Score

8^/10

persistence

Malware Config

Signatures

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe

Modifies registry class 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\FLAGS	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Programmable	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0\ = "JSIELib"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\ = "TinyJSObject Class"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib\ = "{7E77E9F2-D76B-4D54-B515-9A7F93DF03DF}"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\Version\ = "1.0"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\TypeLib	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\TypeLib	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\TypeLib\{157B1AA6-3E5C-404A-9118-C1D91F537040}\1.0	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000_CLASSES\Wow6432Node\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe"	12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe

C:\Users\Admin\AppData\Local\Temp\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe
"C:\Users\Admin\AppData\Local\Temp\12378744f9c3132071077fac33c395013abc56876a54ee581c4c67211cd055d8.exe"
1⤵
- Registers COM server for autorun
- Modifies registry class
PID:1600

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/1600-55-0x00000000020A0000-0x00000000021E5000-memory.dmp

Filesize
1.3MB

Download
memory/1600-63-0x00000000020A0000-0x00000000021E5000-memory.dmp

Filesize
1.3MB

Download
memory/1600-64-0x00000000020A0000-0x00000000021E5000-memory.dmp

Filesize
1.3MB

Download
memory/1600-62-0x00000000020A0000-0x00000000021E5000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing