c0586fec974a6ff490f2314ebb61d3087ce1e2f485ec510a2427674e6b79b667

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Documento_28102014.exe
Size

414KB
MD5

3724f59f2587ba0d5886efe4d851e636
SHA1

df79f259e6591a7e71c9368d290415d983550098
SHA256

e4c357a76f313b1fcc1f82edd91873ce5a01ed63cb3682bd566c03b43b71d160
SHA512

e3c243bdc6332ff1c370785eb383bca50a68bae2432f68d676bce01fed08502c0be428d3ab81af91610fb3460e509542b9980ce28c1c2347c525082652508a17
SSDEEP

12288:6Xqx6szVsRmQ5q+/+njJdhrTgLMK42WKzdQn:6CxamQ5q+/+baYah

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Documento_28102014.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\X2014	Documento_28102014.exe
File opened for modification	C:\Windows\trpn\	Documento_28102014.exe

C:\Users\Admin\AppData\Local\Temp\Documento_28102014.exe
"C:\Users\Admin\AppData\Local\Temp\Documento_28102014.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1144-54-0x0000000075AD1000-0x0000000075AD3000-memory.dmp

Filesize
8KB

Download