86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7

Analysis

max time kernel
151s
max time network
150s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 06:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe
Size

814KB
MD5

36c092ba186b423d84247e218468f7b7
SHA1

18b680241c7064b4c76329283dd87769016a7788
SHA256

86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7
SHA512

56ccee3ed4aa66b9ea20db3089b7bf9f9a384f983a1b7f78b9503687b769246f474180f6181081fac3cce966064033c0115bd90a83e256dea63a6717852d976d
SSDEEP

12288:QKLtbjwrd8Zg75HiaGY9C/m+iCPFPc0hEB1h6j7qNxwo5nxAVC7CyUbjHwCkhqLZ:Qojwy21HJMP5hEX2to5D7FUPwCko1

Score

8^/10

discovery persistence upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1056-55-0x0000000000400000-0x0000000000611000-memory.dmp	upx
behavioral1/memory/1056-56-0x0000000000400000-0x0000000000611000-memory.dmp	upx
behavioral1/memory/1056-57-0x0000000000400000-0x0000000000611000-memory.dmp	upx
behavioral1/memory/1056-58-0x0000000000400000-0x0000000000611000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\SonyAgent = "C:\\Users\\Admin\\AppData\\Local\\Temp\\86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe"	86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe
"C:\Users\Admin\AppData\Local\Temp\86d73f1121e0d0ac17cf7e11d8eeb3d9ec801faabe3a365f4f025fe0ffe9ecd7.exe"
1⤵
- Adds Run key to start application
PID:1056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1056-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/1056-55-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1056-56-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1056-57-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download
memory/1056-58-0x0000000000400000-0x0000000000611000-memory.dmp

Filesize
2.1MB

Download