734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764

Analysis

max time kernel
35s
max time network
60s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe
Size

405KB
MD5

cee44d3739132e442a86ec658e6c3053
SHA1

d1d38c2485be83f1ff05e5811f6e8f71125a6819
SHA256

734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764
SHA512

30ee4c0ee8853513eb8b6ab2f408c0ca2120580de3ec3ab1857e35a6759551082ed712044260c0c317306dd35347bddf623f4bf0a5b08f9d28ae73a12e9b1983
SSDEEP

6144:NRtX+DEgy3kZN759jMjxdjevX4Ypml4y1mx8L1fUv+iGSS9RTF:HFSE4LjjK9evXC48mxrGiGnfF

Score

7^/10

persistence

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
916	734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TarovImlom = "regsvr32.exe \"C:\\ProgramData\\TarovImlom\\TarovImlom.dat\""	734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\CLSID\{7528277B-396E-4C3C-AF92-71426C496160}	734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\CLSID\{7528277B-396E-4C3C-AF92-71426C496160}\#sd = 433a5c55736572735c41646d696e5c417070446174615c4c6f63616c5c54656d705c373334653532313961616230353331663333303966333236396562393036656338323439373936666134363232393234653439386364303663623631303736342e65786500	734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe

C:\Users\Admin\AppData\Local\Temp\734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe
"C:\Users\Admin\AppData\Local\Temp\734e5219aab0531f3309f3269eb906ec8249796fa4622924e498cd06cb610764.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Modifies registry class
PID:916

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\TarovImlom\TarovImlom.dat

Filesize
265KB

MD5
ae6cdbbb0660ce28202631f6e4da4dfc

SHA1
e3323820def5e7287c08c7fdef896e89b75fa3d4

SHA256
5f1647abd2bb3241852d8658d815229701c9553b5313841e62038d4f31e9db80

SHA512
400b9dfec973f723de85c6a491a6bf05fce655cbdc66253321bb9529c9c50cbf39f85e3565808a7976fc20b259f94a6891ccc70a9a8325d85a8c324f0a294531

Download Submit
memory/916-132-0x0000000000400000-0x00000000004D1000-memory.dmp

Filesize
836KB

Download
memory/916-133-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/916-136-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download
memory/916-138-0x0000000010000000-0x000000001006A000-memory.dmp

Filesize
424KB

Download