4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 11:01

Target

4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa.exe
Size

232KB
MD5

316bc7d376f9e6be836556f961177390
SHA1

5a363f712dc10ebb6da134f8fe7a191675e89dd1
SHA256

4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa
SHA512

5e068e8f7a8b8dc12b7769d39998b286d97a9a62d01173f4127fbec2066d41e8e51559c3b45e4ad0035f29bca03ebd8b4be3ee3ecf30bb0d61610d25d0cae0ce
SSDEEP

6144:quI4Xpb5yKVMB6qqL3z72kndrNcpEHYEtjWfSgKWj9u2Ud:7bXpb5ytUqk3z7ZndrrYovmQ2+

Score

8^/10

Executes dropped EXE 1 IoCs

pid	Process
2184	Terms.EXE

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	Terms.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	Terms.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	Terms.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	Terms.EXE

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Terms.EXE	4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa.exe
File opened for modification	C:\Windows\Terms.EXE	4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Terms.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Terms.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Terms.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Terms.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Terms.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	Terms.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	Terms.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	Terms.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4396	4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa.exe
4396	4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa.exe

C:\Windows\Terms.EXE

Filesize
232KB

MD5
316bc7d376f9e6be836556f961177390

SHA1
5a363f712dc10ebb6da134f8fe7a191675e89dd1

SHA256
4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa

SHA512
5e068e8f7a8b8dc12b7769d39998b286d97a9a62d01173f4127fbec2066d41e8e51559c3b45e4ad0035f29bca03ebd8b4be3ee3ecf30bb0d61610d25d0cae0ce

Download Submit
C:\Windows\Terms.EXE

Filesize
232KB

MD5
316bc7d376f9e6be836556f961177390

SHA1
5a363f712dc10ebb6da134f8fe7a191675e89dd1

SHA256
4dd0858f70199e84df977a4ebe84637f4c5e449b6ea35fef154b155a1656ccfa

SHA512
5e068e8f7a8b8dc12b7769d39998b286d97a9a62d01173f4127fbec2066d41e8e51559c3b45e4ad0035f29bca03ebd8b4be3ee3ecf30bb0d61610d25d0cae0ce

Download Submit