6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6

Analysis

max time kernel
151s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
Size

447KB
MD5

a392b52999c5b9f13627bd4350c84963
SHA1

9426def3731dad91384299dd25b375ad96bc9300
SHA256

6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6
SHA512

3c345ebfeefd2ba4f6d626f4b7ad2a291551cf2fa6d326e04a0f6a9e753844cae618cd5f0ff696dd6f02d07630b07ae404b3effd6ba231328e7ed3267e72e329
SSDEEP

6144:4Ly84u9nSO2GjZkD10BIY3rb1YfBdfpoZ3u/Ht52w6JSeiFPXco6Z2:M+u9nx2GjMY3XKfd/H/9PL6Z2

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe"	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
4788	6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe

C:\Users\Admin\AppData\Local\Temp\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe
"C:\Users\Admin\AppData\Local\Temp\6cd2646b8890aeb147789ea8c173ee091bc0d067f9a58dafdba75be6d807d6a6.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:4788

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...