84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6

Analysis

max time kernel
158s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe
Size

172KB
MD5

0f56c773c3d192eceaa32b6f25607701
SHA1

23846adf8e340deb11c12c24088828b0f957f8c5
SHA256

84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6
SHA512

34a0d9210e4d3a0a5b9522cc0def51bd9cd31517d0d655f3e5404597799feb46c05dce643ee76e030ee36d4af2d2973354116b76fce7986f3e23aa5874e9fede
SSDEEP

768:XG8CRCvbHa5ED3Y9gMtVAcfvreLHAIkuqmuRZuFcPAXHo:XWiY9X6LH9kuqmuvUcPAXI

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	toiagoq.exe

Executes dropped EXE 1 IoCs

pid	Process
4800	toiagoq.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe

Adds Run key to start application 2 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /J"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /b"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /R"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /t"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /L"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /I"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /X"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /p"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /W"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /m"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /H"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /l"	toiagoq.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run\	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /P"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /k"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /v"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /w"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /q"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /E"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /M"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /r"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /i"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /n"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /o"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /Z"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /x"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /A"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /Y"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /K"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /d"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /e"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /U"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /O"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /y"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /f"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /j"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /V"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /C"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /s"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /c"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /g"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /G"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /a"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /T"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /z"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /D"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /N"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /Q"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /u"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /S"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /h"	toiagoq.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\toiagoq = "C:\\Users\\Admin\\toiagoq.exe /F"	toiagoq.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe
4800	toiagoq.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1784	84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe
4800	toiagoq.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 4800	1784	84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe	81
PID 1784 wrote to memory of 4800	1784	84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe	81
PID 1784 wrote to memory of 4800	1784	84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe	81
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79
PID 4800 wrote to memory of 1784	4800	toiagoq.exe	79

C:\Users\Admin\AppData\Local\Temp\84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe
"C:\Users\Admin\AppData\Local\Temp\84aa785e80de617c73c4290e5d1f17c960c1c5aa3a8d4046810051a994f5aaa6.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\toiagoq.exe
  "C:\Users\Admin\toiagoq.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\toiagoq.exe

Filesize
172KB

MD5
8252ec2e36ebc9da02df4593e5228108

SHA1
8ca1379de6f9d443596d945638ab1c197b84c91b

SHA256
2a7f873eaefa72174002419d34a5c3df76a00a3a4f68ebd1001e1c7321b8800f

SHA512
649969260d8962da2170686417184ccea08b7427adaa4afa9133ddd6148e466ca9560a5ce684f2718189243b146b257b285225d527620ab0f4aeafc769742f09

Download Submit
C:\Users\Admin\toiagoq.exe

Filesize
172KB

MD5
8252ec2e36ebc9da02df4593e5228108

SHA1
8ca1379de6f9d443596d945638ab1c197b84c91b

SHA256
2a7f873eaefa72174002419d34a5c3df76a00a3a4f68ebd1001e1c7321b8800f

SHA512
649969260d8962da2170686417184ccea08b7427adaa4afa9133ddd6148e466ca9560a5ce684f2718189243b146b257b285225d527620ab0f4aeafc769742f09

Download Submit