3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5

Analysis

max time kernel
139s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 08:01

Target

3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5.exe
Size

31KB
MD5

f4b8e60c982ea033ab6e2e58895338e2
SHA1

791c15426c65029cf8b6a3de9237d86411ce142e
SHA256

3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5
SHA512

edf5eca0c26d1466b42fee8760d74657ca6f9ce1610a0a657136442af7a1f2dfe491753b4fc494290444aaca6eae0876c5cffc2e4901636fb7c94d419a5d1c29
SSDEEP

768:CLtpD8N/ZH94ZxNGDxAchudcFOGDnnqNdtqO:CLtpDa/x9zqchhFOGrqjtqO

Score

6^/10

persistence

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

Processes:

3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DirectX Runtime = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\directx.exe"	3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5.exe

C:\Users\Admin\AppData\Local\Temp\3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5.exe
"C:\Users\Admin\AppData\Local\Temp\3f7185437df941ef789bd79bc75328e712bb95bf1e960ecad1ff53084e7644f5.exe"
1⤵
- Adds Run key to start application
PID:2604

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2604-132-0x0000000075210000-0x00000000757C1000-memory.dmp

Filesize
5.7MB

Download
memory/2604-133-0x0000000075210000-0x00000000757C1000-memory.dmp

Filesize
5.7MB

Download