be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Size

368KB
MD5

7c85af1bb045327fec93d1c0e09b3c41
SHA1

ae0b173214b5c9f433882abbde0f18d5d30bd6aa
SHA256

be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f
SHA512

999877c498e22a9052eea55d750529e094ed39406334a9623bedd5bf242a5b23d665a96cc01ddb8e0c3c24c8652d129537f6951e6a518f9ab601d672d145d51c
SSDEEP

6144:R+wP3nzyl/uNRjhR7uRB7WSh5a2sBV34:Wlm/jhduXWSh5hEV4

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\ = "Microsoft Windows Media Player 12.0"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,19041,1266"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\wmsetup.log	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Compressors	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\WAV	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\WAVE	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wma\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.nsc = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD\ = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asx = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wmv\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wmx	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wvx	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dvr-ms\SubType = "{e06d8023-db46-11cf-b4d1-00805f6cbbea}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wvx\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asp = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSU	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSU\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wax = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.m3u	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.m3u\Media Type = "{e436eb83-524f-11ce-9f53-0020af0ba770}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dvr-ms	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSBD	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wmx\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.m3u\SubType = "{a98c8400-4181-11d1-a520-00a0d10129c0}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\NoOpen	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.asx\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wax\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\AVI	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\FriendlyTypeName = "@C:\\Windows\\inf\\unregmp2.exe,-9924"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\. = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmx = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\DefaultIcon\ = "C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe,-120"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Compressors\vids	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\AU	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dvr-ms\Source Filter = "{C9F5FE02-F851-4eb5-99EE-AD602AF1E619}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMST\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{083863F1-70DE-11d0-BD40-00A0C911CE86}	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMS\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wm	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmv = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wvx = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex\ContextMenuHandlers\WMPBurnAudioCD	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\ = "Windows Mediabibliotheek"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.dvr-ms\Media Type = "{e436eb83-524f-11ce-9f53-0020af0ba770}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMS	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMST	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\AVI	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.m3u\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb\ = "WMP.WMDBFile"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.asf	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.asf\Animation = "dxmasf.dll,150"	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.asx	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.wax	be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe

C:\Users\Admin\AppData\Local\Temp\be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe
"C:\Users\Admin\AppData\Local\Temp\be22e23f08127bfc8c6c7207b39606ef2c615f5696431dc48b3d4d9c0acfa62f.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:4876

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4876-132-0x0000000001000000-0x000000000109F000-memory.dmp

Filesize
636KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads