890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338

General

Target

890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe
Size

370KB
MD5

70e469d15e054582f06401a55f389eb4
SHA1

5fccd99f6e5e058114f3bad442c4a6ce6d1158f0
SHA256

890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338
SHA512

ab156a8a09625fb8682cbf036ab35377a2abbaf4011739b534cb1ee5ddfa498207b650507e359674307490b24c9638fdf99891aa022122c0b64a4b3146c8d5a9
SSDEEP

6144:XGWNVo/JdhiczRSvRfQrqX6iWZ5gz4vYZ+sqUqORo/FHEDJd6kwrEA:Jq/rhRdSdQu6imm4OfqU1RYM6kwn

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 3 IoCs

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47409000000010000000c000000300a06082b060105050703011d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c00b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f00740000000f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe

C:\Users\Admin\AppData\Local\Temp\890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe
"C:\Users\Admin\AppData\Local\Temp\890c3d8799aab89e94c77c1ab285f5cb73b5bc8dea24bf416b3e461dec14b338.exe"
1⤵
- Modifies system certificate store
PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-55-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-56-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-57-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-59-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-58-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-60-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download
memory/2024-62-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-61-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-63-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-65-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-66-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-67-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-68-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-69-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-70-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-71-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-73-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-72-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-74-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-75-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-76-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-77-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-78-0x0000000000460000-0x0000000000462200-memory.dmp

Filesize
8KB

Download
memory/2024-79-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-81-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2024-82-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2024-83-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing