259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 07:11

Target

259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe
Size

27KB
MD5

34b0b14a130c14098f4d65aac869e950
SHA1

f8a4607a64acbf6375022ff375ab3682e3436412
SHA256

259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0
SHA512

26f32cdfa7da559e7b2fef74382945a54cf0dc0e084d235e7b39e5b2d726c9ae1ae731e7d96721e53eb5d42bfebd56a487c256bf904017ae1ac14a4647f372da
SSDEEP

384:cBcNnuwLMKUeog4phzuVDVn28bL40hpiNHDTD9vBQq9nUTPFYxU:vNnuRKUecphzuf2yHMRD3tBQOnUTPFY

Score

6^/10

evasion trojan

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3004	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe
3004	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe
3004	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe
3004	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe
3004	259682b7417b8fd02a9cef907fdacce57fb2a3a62fa6eca17f33cea2f840e5d0.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact