c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8

Analysis

max time kernel
231s
max time network
333s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe
Size

37KB
MD5

983b422abe6f50d346df1d6eac6e30b1
SHA1

135e4baf3639fb16a821b1c845f834786f10368d
SHA256

c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8
SHA512

6776e43b91f17de235ac4c3f11116bc1ead7694ff735707f013460ee65bfc6397f76cbbafcd6a8919a3aad1b8940fa344779e3358084ddcfb178bc82f3304795
SSDEEP

768:Mk2IlruH4eFUUG5uPZHx1gdgE3EP0xVRWn36vrDB:x2KruHrFUU8uPBgdgEUPAxjDB

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\CurrentVersion\Run	c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\_tmp9877	c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe
File created	C:\Windows\SysWOW64\_tmp9877	c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe

C:\Users\Admin\AppData\Local\Temp\c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe
"C:\Users\Admin\AppData\Local\Temp\c81257002c1ec7f3d03cdd2a5623cf6fbca43ff5a81212921b42099273428ca8.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/332-54-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download