dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7

Analysis

max time kernel
151s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
Size

72KB
MD5

72b8c8decbd4238cd40e63372949bdd1
SHA1

882d33835dfbdf6650b53385fb5be5f40ccb020f
SHA256

dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7
SHA512

9f9b3594ad49a46ec71cf0be4a326c6a6e6bcee7602412482d8def143c3a7ecd9995339cc08ed7a7f2aa9b1d70c3a913afdb2b981980cf6af68a1610fe86f724
SSDEEP

768:5RVNmZkOE8oHcbRij/oBw1s40oiNoMGcuZNh/QPP+fr7yJNO328v1CvBOxPo:5RVfERe/oXoisc6Qefr7yJYmm4JL

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Update = "C:\\Windows\\WinBackups\\sysinfo.exe"	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\220.177.198.10 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe"	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinBackups\sysinfo.exe	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
File created	\??\c:\windows\WinBak.ini	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
File opened for modification	\??\c:\windows\WinBak.ini	dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe

C:\Users\Admin\AppData\Local\Temp\dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe
"C:\Users\Admin\AppData\Local\Temp\dfbb7a6572af36c2072ce5c1e8907372833ee33ef0e3d285f4f0575427d966a7.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
PID:1564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads