963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a

Analysis

max time kernel
151s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe
Size

82KB
MD5

885d0b038f7bf797e15eb3266197897a
SHA1

cb4f561d10823b6733cd706bfcbaaaef47e5731e
SHA256

963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a
SHA512

1dcb71b959eb61a6cf4ca9a92e454042eac61b51cf2b01977ec5f37de8427e2c742d340f8b04261e525eb12db458f83e607cdb37b000d3df7f1650457cb0c57c
SSDEEP

1536:BS/DTjXbnn6AQjss33kYRoSwWaFZE+uM1D+rb:w/njXbnn6AQjss333RKFFqed+rb

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Ztbwgr = "C:\\Users\\Admin\\AppData\\Local\\Temp\\963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe"	963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe

C:\Users\Admin\AppData\Local\Temp\963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe
"C:\Users\Admin\AppData\Local\Temp\963fef495edc0d1a351ac9b71f1e0668daca36d5a92f16b54b293465bfbf142a.exe"
1⤵
- Adds Run key to start application
PID:4040

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4040-132-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4040-133-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download