e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f

Analysis

max time kernel
164s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe
Size

720KB
MD5

5da0db02b191f3cdf9be3b8590a9f2d0
SHA1

1312e6a796ea8a988735cd3d5479fd94e4f898cd
SHA256

e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f
SHA512

231fc7722b80ba3f89814f00eeed53485a662c0c1e24594edf6e7a284b03f4694f41f44f496af50f5d8b4cfde4f0451e782ba7790a10bb51fcc4369afa782ae2
SSDEEP

12288:cIRfFMNP8gYG6b91TXsSu3V7rzga+Hwsgvl7cOdxgWKd+1kN9CToR7z8q:codn91413V7Nfvl7ndl1aR7z

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AS2014 = "C:\\ProgramData\\g3Ur6a39\\g3Ur6a39.exe"	e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe

Checks SCSI registry key(s) 3 TTPs 2 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe

C:\Users\Admin\AppData\Local\Temp\e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe
"C:\Users\Admin\AppData\Local\Temp\e190b7a15a938279e6b24521ac3b515e0f2bb605d5ec6aad28a1a48b88f62b3f.exe"
1⤵
- Adds Run key to start application
- Checks SCSI registry key(s)
PID:4180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4180-132-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/4180-133-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download
memory/4180-134-0x0000000000400000-0x0000000001400000-memory.dmp

Filesize
16.0MB

Download