fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2

Analysis

max time kernel
153s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe
Size

64KB
MD5

f42abe6c69afc831b18f7bb52e3ee5c4
SHA1

db97d05e86fcd6c134ab271c40456d41bacfb6bd
SHA256

fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2
SHA512

04d5b1874b7c5687f13651e7ebdb3e08ec0f966d7d550a4614804d1a1cc4e49184f82a397033d752bf430a716fff89ed54200a87aaea99e6c04af2a619255647
SSDEEP

192:/D+c8Y37DybrgKmcna7wySLsTkfoqRElTiEEFS05mFrnb2BsMkV1egS:/DGYLGbrPfac176XJ05mekfe

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Isass.exe = "C:\\Windows\\system32\\Isass.exe"	fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\autorun.inf	fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe
File opened for modification	C:\autorun.inf	fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Isass.exe	fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe
File created	C:\Windows\SysWOW64\Isass.exe	fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe

C:\Users\Admin\AppData\Local\Temp\fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe
"C:\Users\Admin\AppData\Local\Temp\fa42e5ab296e20cb353960330fa0241665db51ce54c58a3b159e90e69b664cc2.exe"
1⤵
- Adds Run key to start application
- Drops autorun.inf file
- Drops file in System32 directory
PID:4532

Network

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

T1091

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

T1091

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads