2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233

Analysis

max time kernel
159s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 15:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
Size

51KB
MD5

0557408783805734cf336e6ad486217d
SHA1

454cce7d93fb7908a839a4ba73ba5edf63c9b7c0
SHA256

2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233
SHA512

a6d962b8ee9bea03d95aa717cfb976e7873f54443ed192c1166b91726547cb2e11a0091088a831c937d077e34ea9666b81ca8552ebffdcf4a947946c58a16b35
SSDEEP

1536:d/ARS+XLldrEafUeYNq4gUw8Vn9vMU/VAMX8:FAR33IOUJNq4RpZMUbX8

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\fdywrf\Parameters\ServiceDll = "%SystemRoot%\\System32\\vevcac.dll"	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\fdywrf\Parameters\ServiceDll = "%SystemRoot%\\System32\\vevcac.dll"	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\CONTROLSET003\Services\fdywrf\Parameters\ServiceDll = "%SystemRoot%\\System32\\vevcac.dll"	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe

Loads dropped DLL 2 IoCs

pid	Process
3400	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
1368	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\0004a8ea.inf	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
File created	C:\Windows\SysWOW64\vevcac.dll	2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe

C:\Users\Admin\AppData\Local\Temp\2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe
"C:\Users\Admin\AppData\Local\Temp\2789f1ec155c60b10980f9e2ed07bf21b68ae1ee46e782111f306d8289113233.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:3400

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k fdywrf
1⤵
- Loads dropped DLL
PID:1368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\vevcac.dll

Filesize
69KB

MD5
04784f98f0e54f03c9b2f0bae8edea05

SHA1
3bffd2b6b8674f95bf93c31ef93b18e96ccb67f6

SHA256
a0f44deb94fbde28f1c27606ee341d24101286bfec6c8fdcf9a4e5768f599135

SHA512
d5f01ea28f28f80dbe124bad1d6cd8e15a016d4ba65be1babe66d3e84989e5f924ab3771e5e5a0c6128525b5bd888d79755d54bb8fafbf35e948c4ac63cfec15

Download Submit
C:\Windows\SysWOW64\vevcac.dll

Filesize
69KB

MD5
04784f98f0e54f03c9b2f0bae8edea05

SHA1
3bffd2b6b8674f95bf93c31ef93b18e96ccb67f6

SHA256
a0f44deb94fbde28f1c27606ee341d24101286bfec6c8fdcf9a4e5768f599135

SHA512
d5f01ea28f28f80dbe124bad1d6cd8e15a016d4ba65be1babe66d3e84989e5f924ab3771e5e5a0c6128525b5bd888d79755d54bb8fafbf35e948c4ac63cfec15

Download Submit
\??\c:\windows\SysWOW64\vevcac.dll

Filesize
69KB

MD5
04784f98f0e54f03c9b2f0bae8edea05

SHA1
3bffd2b6b8674f95bf93c31ef93b18e96ccb67f6

SHA256
a0f44deb94fbde28f1c27606ee341d24101286bfec6c8fdcf9a4e5768f599135

SHA512
d5f01ea28f28f80dbe124bad1d6cd8e15a016d4ba65be1babe66d3e84989e5f924ab3771e5e5a0c6128525b5bd888d79755d54bb8fafbf35e948c4ac63cfec15

Download Submit