Analysis
- max time kernel: 189s
- max time network: 193s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-11-2022 14:27
Static task: static1
Behavioral task: behavioral1
  Sample: 45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
  Resource: win10v2004-20221111-en
General
- Target: 45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
- Size: 752KB
- MD5: 8a5f963d86a57231d9e0cbf7932e5b73
- SHA1: 139967818fc5e39fdafe69f89afd9cdaaec25754
- SHA256: 45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784
- SHA512: 4c8362356e08a11970c29265a6806af65aae798fa97aae34c8865a3b4a5323380b439bb54732d862f9ee87bd290933d50d705e9d30227a67c65ee1aec3d635ca
- SSDEEP: 12288:B+A4X3ccC+G+co053jXT5y8yDqUlu5BKFaDakOgSi8vvFe5C4r9agT9dvdDvVFj1:kJcd+wpTT5tIqUlu5otkYvN+559d1vVL
Malware Config
Signatures
- Yara rule matches (resource / yara_rule)
  Processes:
  resource                                                                      yara_rule
  behavioral2/memory/2896-132-0x0000000000400000-0x0000000000613000-memory.dmp  upx
  behavioral2/memory/2896-134-0x0000000000400000-0x0000000000613000-memory.dmp  upx
  behavioral2/memory/2896-135-0x0000000000400000-0x0000000000613000-memory.dmp  upx
  behavioral2/memory/2896-136-0x0000000000400000-0x0000000000613000-memory.dmp  upx
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes: 45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
  description      ioc                                                                                                       process
  Key created      \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run                               45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
  Set value (str)  \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe"  45e404c5461362cf0a5174711eccb2714bfb59b30f704475590d8985671fe784.exe
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
- memory/2896-132-0x0000000000400000-0x0000000000613000-memory.dmp (filesize: 2.1MB)
- memory/2896-134-0x0000000000400000-0x0000000000613000-memory.dmp (filesize: 2.1MB)
- memory/2896-135-0x0000000000400000-0x0000000000613000-memory.dmp (filesize: 2.1MB)
- memory/2896-136-0x0000000000400000-0x0000000000613000-memory.dmp (filesize: 2.1MB)