33094eb48046d2d9f0d46f9eb1516d304e814c16cc0fb8c6b6fc72242b984d82

Analysis

max time kernel
192s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

htirqjpbpm.exe
Size

650KB
MD5

16b9a3ced87cf2240a878c929a7d9fc7
SHA1

8d1014b4473ab0e413d59c37b5f4c6d9e4c6828b
SHA256

33094eb48046d2d9f0d46f9eb1516d304e814c16cc0fb8c6b6fc72242b984d82
SHA512

bcbb4503a974668474c3e954a3a53c0d7d0f6b6a2ebfaa7de0ba45ac6236b8694a9da6cc8f4fbad7b596507a4860aca67cf60202a4caea296ca99a86c3b1e125
SSDEEP

12288:UTiVe8dnzTX36HQ3Z7Slv/Wu1R1EeZh1FgPhfZaoO6sn0wpRG266ZVX24pnA:U98ZTH7ex/ZVg1YoFO0wnDJHC

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8B3C5B9B867D4BE46D1CB5A01D45D67DC8E94082	htirqjpbpm.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\8B3C5B9B867D4BE46D1CB5A01D45D67DC8E94082\Blob = 0300000001000000140000008b3c5b9b867d4be46d1cb5a01d45d67dc8e94082140000000100000014000000944fd45d8be4a4e2a680fefdd8f900efa3be025704000000010000001000000005ee9c2ac66f75d964ac5f1a3c7de75d0f000000010000002000000047bd516f97a31c66da13f4872bf53bdc412f1f35827effd5e6294b3381418f96190000000100000010000000dcd187c218ef551cb964f26fd9464f1e5c00000001000000040000000008000018000000010000001000000014c3bd3549ee225aece13734ad8ca0b84b0000000100000044000000450032004300360043004200410046003000410046003000380043004600320030003300420041003700340042004600300044003000410042003600440035005f0000002000000001000000910400003082048d30820375a00302010202100d07782a133fc6f9a57296e131ffd179300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3137313130323132323333375a170d3237313130323132323333375a3060310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d311f301d0603550403131647656f547275737420544c532052534120434120473130820122300d06092a864886f70d01010105000382010f003082010a0282010100be17e8ecbe290acbfeb92d6131fd332408322e59e821d4d830be6e10c884a03fba14e5defd7a8c921b7bce842df0ff78c432e8a9a07d5f06da7b9b4b53a6c61b021721e1703badfb83eb085481a8de12b2d5c6889630f902fc39d4bdb822ef804999d062b861d049decbc2cb97a531061bd7d85dc6d354de5201362a0df6dec5b6314ccc15256a156fa96b04480cde0041aa28808b2f34d31bb536ad3b25d08842406c36916d65b21986c0d27f394658fe30126050dceebb73e657905af60dcad7044b476a6f341a9d92361a2ed94e54ed47ac0cbff180b2baff477be939c454c494549919f15799afe214225be82ebb632dbaae81bd13dce6175be0905349010203010001a38201403082013c301d0603551d0e04160414944fd45d8be4a4e2a680fefdd8f900efa3be0257301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d30420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053300d06092a864886f70d01010b05000382010100821c043a82e9c5a9c865125c08e301c630b0ae2288617b2b0786f7b8b5449cf5930661468a3aa2b53526d0589e3cc1738fbfb179a71c99379a53f22f5c6e200b7db0c782efebeb791205e701410b4302379b1b1f084d37527329b89f35e3f9a33a59750166902a3e9de062291e87a8803e2cc4cc08c32ebf6921186b8f1e6b43cdee06984199b582f217c110a5ae588cfb95ea4d82aff3775f11694f7851a6dff7bac53f65bf707ca3ed5a9a339d9e3fe38735a7daf315c658ad6923dc0fbb4cd0491341a63f67e15e13f50ff5d57c85bf874c8224612257d1a59bfb8639adc35c79666c07314b2091ada1be641900ee1e1278ce98f25ffb3014693c2cfa97c6	htirqjpbpm.exe

C:\Users\Admin\AppData\Local\Temp\htirqjpbpm.exe
"C:\Users\Admin\AppData\Local\Temp\htirqjpbpm.exe"
1⤵
- Modifies system certificate store
PID:4940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4940-132-0x0000000140000000-0x00000001400DA000-memory.dmp

Filesize
872KB

Download