72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422

General

Target

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Size

300KB
MD5

44c2b62a4aa96e87c0cb313f46fdf344
SHA1

91eaf76f01899ca80ff632971b250cbb8bd86f58
SHA256

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422
SHA512

8603992d0ea3f4627fe0f47ea73169b1f724ba358b3c9f493aa069be60298ff145b3125b9c61e83bf8306ba74191fe8e200c94dce00ec17abc99ff8bb44b91d5
SSDEEP

6144:SswPxVgkqWgj2taq7syrC4KNLmPmG2gMTCDF:8qW51e4KBmPmTgoCD

Score

8^/10

persistence upx

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\ = "Microsoft Windows Media Player 12.0"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1716-55-0x0000000001000000-0x0000000001073000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

Processes:

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

description ioc process

File created C:\Windows\wmsetup.log 72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\wmsetup.log	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

Modifies registry class 64 IoCs

Processes:

72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asx\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMS\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wm = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\WAV	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb\ = "WMP.WMDBFile"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms\Media Type = "{e436eb83-524f-11ce-9f53-0020af0ba770}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMS	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmx = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSBD	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wma\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmx\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\. = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\ = "Windows Media Library"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMST	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wax	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\AVI	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\SubType = "{a98c8400-4181-11d1-a520-00a0d10129c0}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\NoOpen	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\DefaultIcon	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSU	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asf\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wax\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmv	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\AU	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wvx\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0\0 = "0,4,ffdfdfdf,3C53414d"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asf	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asp = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.nsc = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex\ContextMenuHandlers\WMPBurnAudioCD	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\WAVE	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\Media Type = "{e436eb83-524f-11ce-9f53-0020af0ba770}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wm\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmv\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asf = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\DefaultIcon\ = "C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe,-120"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMST\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex\ContextMenuHandlers	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms\Source Filter = "{C9F5FE02-F851-4eb5-99EE-AD602AF1E619}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wax = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms\SubType = "{e06d8023-db46-11cf-b4d1-00805f6cbbea}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wma = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Compressors\vids	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asx = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmv = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wvx = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSU\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSBD\Animation = "dxmasf.dll,150"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD\ = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"	72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe

C:\Users\Admin\AppData\Local\Temp\72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe
"C:\Users\Admin\AppData\Local\Temp\72a3285939eaa0ec20be9663c7d8419e00f7fc999c4c4a05d3ba1d5496d20422.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-54-0x0000000074E01000-0x0000000074E03000-memory.dmp

Filesize
8KB

Download
memory/1716-55-0x0000000001000000-0x0000000001073000-memory.dmp

Filesize
460KB

Download
memory/1716-56-0x0000000000270000-0x000000000027D000-memory.dmp

Filesize
52KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads