fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a

Analysis

max time kernel
141s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a.exe
Size

1.7MB
MD5

25e41abc06a6cc501854bb53c3c40270
SHA1

bd18ff142ca10bf923212a6d0d70bd42f14aba6d
SHA256

fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a
SHA512

58fc96034112860e32d336f63baff57d2ce569a6c0812dc8b8f11dc908f215b4945b8ab339c127ad44c39f986a7d189c76789cbea4833282735d158e1cb25614
SSDEEP

24576:X3gtyBI3W3SzGlJKMw7hxpQ4mLq4gonlO99V6lQrfXNhUHEwj:l3SCl8A7ilT5mH

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\svchost_sprn.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a.exe"	fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a.exe

C:\Users\Admin\AppData\Local\Temp\fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a.exe
"C:\Users\Admin\AppData\Local\Temp\fbbe1668e4184545ced00cc870177125bd55f7c9ca57daaa17c578050cbe4a1a.exe"
1⤵
- Adds Run key to start application
PID:1092

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1092-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download