6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6

Analysis

max time kernel
151s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
Size

447KB
MD5

a392b52999c5b9f13627bd4350c84963
SHA1

9426def3731dad91384299dd25b375ad96bc9300
SHA256

6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6
SHA512

3c345ebfeefd2ba4f6d626f4b7ad2a291551cf2fa6d326e04a0f6a9e753844cae618cd5f0ff696dd6f02d07630b07ae404b3effd6ba231328e7ed3267e72e329
SSDEEP

6144:4Ly84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXco6Z2:M+u9nx2GjMY3XKfd/H/9PL6Z2

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe"	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe

C:\Users\Admin\AppData\Local\Temp\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
"C:\Users\Admin\AppData\Local\Temp\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:4788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads