9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0

Analysis

max time kernel
21s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe
Size

534KB
MD5

f782704cbc0161e4183e2ecd298b872b
SHA1

375b19dd80d3495bae7bbbce0a65bee1647ccf9a
SHA256

9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0
SHA512

68231f9c8fb65ba2d3658f811a10e801c621b0fe632a7543fb93785efd0f26e607db19e6922c4df747ad8601ab6c1c9e14eff5cc4fe524c8188d54fca3cd672e
SSDEEP

12288:s5Z7H7aD8d2JySQ4Pc/dP2bw0jbK51pER:6z7aD8AzPc/N2pbKzm

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

pid process

2880 9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

pid	process
2880	9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IonoMuljo = "regsvr32.exe \"C:\\ProgramData\\IonoMuljo\\IonoMuljo.dat\""	9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run	9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

Modifies registry class 2 IoCs

Processes:

9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{32393357-0F59-45F3-8835-3D785F0775F6}	9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{32393357-0F59-45F3-8835-3D785F0775F6}\#sd = 433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c54656d705c396264663238316333383964316661326332646664653565663836303234633161313737303937363264333563313837346633383366656335633734393064302e65786500	9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe

C:\Users\Admin\AppData\Local\Temp\9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe
"C:\Users\Admin\AppData\Local\Temp\9bdf281c389d1fa2c2dfde5ef86024c1a17709762d35c1874f383fec5c7490d0.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
PID:2880

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\IonoMuljo\IonoMuljo.dat

Filesize
230KB

MD5
ad875d6280dd977fc73bbb36dfab805e

SHA1
9f74587f7b7c88fa2f4ff8a04aad70374d14451d

SHA256
c36526abee5cb89d05159d1471202d3e1555438e2be45b42fe81c9997582ef87

SHA512
9a1d4955f6938b464d1c844246496790ea686aeb0237dd8667656c8226c580672ea9ab86106b8f63d940a5a657bd2035b8f969a0a38e6f4eef8ea6e28a4ce18d

Download Submit
memory/2880-132-0x0000000000400000-0x0000000000489000-memory.dmp

Filesize
548KB

Download
memory/2880-133-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2880-136-0x00000000753B0000-0x00000000753E3000-memory.dmp

Filesize
204KB

Download