ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
Size

972KB
MD5

ae2ee938660b7567859f95f7a76c1f8d
SHA1

3ff5bf8b629ebd646dcf0e08060a4a1d42357e41
SHA256

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992
SHA512

ae41a712d47048d36ca762354b7426d8b7d0ef501cf69bb18b8d31615846b889779856d7c4ca73583db4f5a049f00936369a6aafdd4fe16f5cfa3ce3d5734db0
SSDEEP

12288:W14J17SKvnXw12FTxUpx3ArVDuBty3jOaKwizJmlm+EfshgshdjH5PhIVM/J59VB:Waxd/wQ+Ar5RjOa92JmQ+Efshgsb

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GbpGSvc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe"	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

pid	process
876	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
876	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
876	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

C:\Users\Admin\AppData\Local\Temp\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
"C:\Users\Admin\AppData\Local\Temp\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:876

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads