e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90

Analysis

max time kernel
148s
max time network
193s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 12:51

Target

e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90.exe
Size

775KB
MD5

db4db396986221276eda21af71717f8c
SHA1

38d2f0bed56ddbf402efcaaf20ce216d520b04d6
SHA256

e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90
SHA512

41a0d126655d32faf6bd77c9a00bb3b4730b588eb5ecba14adbda05abcad8a7e00bcc9fabd078366487424b7bb0ac0a610cda5f504fec1ccd757e8a28a433418
SSDEEP

24576:FmEu3moh1jkMnVZHklW08nfGWoxwwwcjngU:QEuWorVnclW3eWawDcEU

Score

6^/10

persistence

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

Processes:

e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\AS2014 = "C:\\ProgramData\\i9VVig6x\\i9VVig6x.exe"	e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90.exe

C:\Users\Admin\AppData\Local\Temp\e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90.exe
"C:\Users\Admin\AppData\Local\Temp\e3e7b40357f34056abe5b4695a3d605ad18f1f629f12cc572e7f67d5e72cdb90.exe"
1⤵
- Adds Run key to start application
PID:2036

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2036-54-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2036-56-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2036-55-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2036-57-0x0000000000400000-0x00000000004C5000-memory.dmp

Filesize
788KB

Download
memory/2036-58-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download