e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b

General

Target

e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Size

32KB
MD5

b447ee187ac71222fa1897ba521a19ba
SHA1

e69baeb35b1d90aa5b9169a93420cc9e3431e8ed
SHA256

e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b
SHA512

80284f59efe093b474e80cecf67279d281af7b8fe460a4d45ac0a1e177da62465057e244101d0d0a61b28d4d115eeeef72ca994950e7bf86e9966e57104f3433
SSDEEP

384:AqcZkMfG+gmlGhE/uq+lAyy2/GXSo0lx5p6/wC72qlcn:AqcZkaiP7SyHuCXlQoCyqc

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 10 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\EEB3A1C5A0D7EF6E9604A09C38EB2AA69289AE75	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\AE2DABC9DBB5CE4622482BE24F97010103301FCA	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\51FFA2AD82E01D0FB76FC7750BE646340B630195	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\51FFA2AD82E01D0FB76FC7750BE646340B630195\Blob = 03000000010000001400000051ffa2ad82e01d0fb76fc7750be646340b6301952000000001000000900200003082028c308201f5a003020102020439448bb9300d06092a864886f70d01010505003026310b300906035504061302434e31173015060355040a130e4346434120506f6c696379204341301e170d3030303631323037343935325a170d3230303631323034333730365a3029310b300906035504061302434e311a3018060355040a131143464341204f7065726174696f6e20434130819f300d06092a864886f70d010101050003818d0030818902818100d7ac50aa8dd6c5ad4a9359b93243ad2c171a369ec4f9c18ace7334973bd123d0606be19f742ff7ebc8b94da3605cc5f2a88360f401bfb8458c8fd4bbd6dea542417a7c6f61181322651f2743c4cbe4ac454a5c0c03f14d6369e047eff1012733424610700eb4b1c363bdffb1ef878c1ed687d1e1cc24c5e50a9944bde8d882d70203010001a381c33081c030480603551d1f0441303f303da03ba039a4373035310b300906035504061302434e31173015060355040a130e4346434120506f6c696379204341310d300b0603550403130443524c31300b0603551d0f040403020106301f0603551d230418301680142f926e7deeed05bff0bde485680a97935342d2d0301d0603551d0e04160414c327c63668c827652487af91a74b263302e51ae9300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456352e3003020490300d06092a864886f70d01010505000381810021e275d835dc3e9f6161ab3b048dfd4f397d7ed36c6cef935209b2725dfea4888e6036775d676b14ad8c120cfa9159a013f578ba1cc26fc3977b12a5ef80fe0dc3f2f49746588c306c33299e094cf624604e2abe71eb55188bacc6e9e78b172b4402b2596084e48ae0961ff3cffd87ae71c4f2766567e09d33d83c3488cbad24	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\12844DEF9B03084180E4FB4DFDFBB4DA8E284602	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\12844DEF9B03084180E4FB4DFDFBB4DA8E284602\Blob = 03000000010000001400000012844def9b03084180e4fb4dfdfbb4da8e28460220000000010000008d02000030820289308201f2a003020102020439448a6d300d06092a864886f70d01010505003024310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341301e170d3033303832383039343234365a170d3230303631323034333730365a302a310b300906035504061302434e311b3019060355040a131243464341204f7065726174696f6e2043413130819f300d06092a864886f70d010101050003818d0030818902818100ac51ca642460a5c99109519e0f7afe1a33df0ece1dad3d3a4d05d68c22cc02719c46f7349c292503dce6e93f24421ad0d8922233517921b76a3ec3c370dd9d55a795546076a13ed336466c27b7f89cc2354777458325497ee137b381fb82bb6f09c43a15eb5b464affe59c5f316bae49c826320693618c699d1c31350bc8af310203010001a381c13081be30460603551d1f043f303d303ba039a037a4353033310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341310d300b0603550403130443524c31300b0603551d0f040403020106301f0603551d230418301680147f1aa2867f4909df97a0a6029ae83c74fbedcec3301d0603551d0e04160414138ae169cd3c3055c3dbbe311ded40e28711e8ec300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456362e3003020490300d06092a864886f70d010105050003818100b862950c1f768cac06ce33f5e070328548611d4a3f068aab2e7f0c97d2e561bc1ba05f329a0f575bde2d406f58724be286192f6a250d06dc7c1c8adbda6dc4670177163870958d37667a5f69c833f46e04be7cf8bbd53dfd6c8480304172db9c6e8ce337a974a3247892c213cec2e198766eb81892b688f36350fff25d051dc6	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\EEB3A1C5A0D7EF6E9604A09C38EB2AA69289AE75\Blob = 030000000100000014000000eeb3a1c5a0d7ef6e9604a09c38eb2aa69289ae7520000000010000008d02000030820289308201f2a003020102020439449877300d06092a864886f70d01010505003024310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341301e170d3034313230363036323933375a170d3139313132303136303030305a302a310b300906035504061302434e311b3019060355040a131243464341204f7065726174696f6e2043413230819f300d06092a864886f70d010101050003818d0030818902818100b1bf8c7fe61360950eec9bcfa87337b0be2937a75b48c0ca31a5525e08dd84d3007fd6dbc33eae3d0d4668ecf67ddd078d619ef6557d733ba8b862f93d1c0d04a5545185efb91921b3398d10fb792155cdae4f786eddab9424c5413314ac3406929a1e4f70653114a114e419ca22aa921b86b758381d9f6eadfcca153fb9676b0203010001a381c13081be30460603551d1f043f303d303ba039a037a4353033310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341310d300b0603550403130443524c31300b0603551d0f040403020106301f0603551d230418301680147f1aa2867f4909df97a0a6029ae83c74fbedcec3301d0603551d0e04160414f08dedb341bbfbef081e5502c33137ef3c144ecd300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456362e3003020490300d06092a864886f70d010105050003818100776669ad1b78576417bb1b746e42780d678ec3a3811eefd1e461837b82cec7381653a7a965ede091e861803c406956be5c999225ade666be7f8fd419a971c5b4bce7556304464bdddc02b62bba427bd1a573dc234a5f062c937eb63e027ee1a5db9744dd91553d4feb420b1423414e767171bb03c928dac1d9f32abaeed5b31b	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\AE2DABC9DBB5CE4622482BE24F97010103301FCA\Blob = 030000000100000014000000ae2dabc9dbb5ce4622482be24f97010103301fca2000000001000000c4040000308204c0308203a8a003020102020c1fc22837c62b9b567d67cf9b300d06092a864886f70d01010505003031310b300906035504061302434e310c300a060355040a0c034e43433114301206035504030c0b4e434320524f4f54204341301e170d3039313032313130313431375a170d3339313031343130313431375a3036310b300906035504061302434e310c300a060355040a0c034e43433119301706035504030c104e4343204f5045524154494f4e20434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c254fa6fce9c51a6e6083da7d237a42b33120bfce361e7f1a9168a860e9d5b0c3882676d441c52ef5faa25066c7888c663fe31969944ed671d357d38de44849d37064fffc01e767065257928f9a243ed19b2253590be5803f3b75c0213696d1e6cfc557bf15935cf98ecf48efe8ea89bd6e054b56c9e819c1fe7565e6d86bfa7aa4485e0da0a16e4f66c6cdee5da28185e71d994ec40ee0e6b953a89d1c51e5b76cc6730463fc3b19a414a723031313d49aaebcb2deaa68f571b46e8c06f7231dcf29f128d06d5e501ffba7040871979433f25091b9d3022d3556e2681983b195830c9308f293ed0bf1f438c2e9c383424e68f21b8db72999008e3647dcec1d90203010001a38201d1308201cd300e0603551d0f010100040403020086300f0603551d13010100040530030101ff30220603551d2301010004183016801406c998566fe9c621e94292e2377afbca520032ad3081ad06082b0601050507010101010004819d30819a30819706082b0601050507300286818a6c6461703a2f2f3137322e33312e39312e31313a3338392f434e3d4e434320524f4f542043412c434e3d4e434320524f4f542043412c4f553d63414365727469666963617465732c64633d6e63632c64633d636e3f634143657274696669636174653f626173653f6f626a656374436c6173733d63657274696669636174696f6e417574686f726974793081b30603551d1f0101000481a83081a53081a2a0819fa0819c8681996c6461703a2f2f3137322e33312e39312e31313a3338392f434e3d4e434320524f4f542043412c434e3d4e434320524f4f542043412c6f753d43524c44697374726962757465506f696e74732c64633d6e63632c64633d636e3f63657274696669636174655265766f636174696f6e4c6973743f626173653f6f626a656374636c6173733d63524c446973747269627574696f6e506f696e7430200603551d0e01010004160414af78aa9c234da0f8b2026894e8b9c33b6da7ce68300d06092a864886f70d0101050500038201010043cd24b52e538be08e70a5e58a303be3fe55ec2c81bc1ae9b07fab1e06faf2bb4aac2d5c92add1dd828ed477906f7063df9da6e033ccbdc1194e73134d8443bc02f1431aad337abcd98f8d941c355069c39e347d0823c932042f7d50d4509e827e874784e06c7aae825cecfcf22d8625399478a0a0bfa164362b8769e1e6c5b647ed92c755501c11d860dd6d6a42b74be5e55bbdd890127f265516c31848ead66785f843d836e2bc8363ec9ac26f49bc71a69ab1032dbc8bea144ee1653013a321c0a11c06c92a8a295d9a1d94487960ffd19a48ee237349b926cef657b962804872545269d37d86a95724e721102ee04b8185b1632ebe0a135efc41e97d20b7	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9B05D7C9D1DAACA1A5880E38AB7BFB35A417F9D0	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\9B05D7C9D1DAACA1A5880E38AB7BFB35A417F9D0\Blob = 0300000001000000140000009b05d7c9d1daaca1a5880e38ab7bfb35a417f9d020000000010000008902000030820285308201eea0030201020204394468ab300d06092a864886f70d01010505003024310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341301e170d3030303631323036333635355a170d3230303631323034333730365a3026310b300906035504061302434e31173015060355040a130e4346434120506f6c69637920434130819f300d06092a864886f70d010101050003818d0030818902818100c9306d656059ef58b5930032ff18c98e82bcc25d56aee1ee3349712d9cb0fe66afd618b210374905cc112b7cf4d5eac5225900515115a189b85c1b64739fddbf532c775f245f031c9540c6ca7943be0a3084b6cd06640d1c4de93a7db04a9307f655649d158166229c5a60aead02caab9805fc32f25b1bcee4733348de105c0f0203010001a381c13081be30460603551d1f043f303d303ba039a037a4353033310b300906035504061302434e31153013060355040a130c4346434120526f6f74204341310d300b0603550403130443524c31300b0603551d0f040403020106301f0603551d230418301680147f1aa2867f4909df97a0a6029ae83c74fbedcec3301d0603551d0e041604142f926e7deeed05bff0bde485680a97935342d2d0300c0603551d13040530030101ff301906092a864886f67d074100040c300a1b0456352e3003020490300d06092a864886f70d0101050500038181004152b8d6734db8a83d9027565b2496b224c41ec79a4ecc7c0e9156aab3c4161e47290f535f79bac567b632a66704419f7edcf0a4f67593e9a0d243ea06f03c408c77edc7b9b240808bd1ad5f0e199a94c13a60d360ec2af4334377a0366c04c1ecd93b8f694fdb629d29166cf55358f90995128e7f0cb103b251b007421ee752	e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe

C:\Users\Admin\AppData\Local\Temp\e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe
"C:\Users\Admin\AppData\Local\Temp\e2a03e620e1d078395dbbaef397517038b200d24e71b57d9d348d2e674063a4b.exe"
1⤵
- Modifies system certificate store
PID:4884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4884-132-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4884-133-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing