9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277

Analysis

max time kernel
134s
max time network
181s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe
Size

6KB
MD5

ed03859e6d9c8fd45bd17e27396b5562
SHA1

3876000ff3db25f7e3958c10226d9c6f585da2fd
SHA256

9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277
SHA512

ce13234e7b44c0f81b954afd5bc92d6a5eb24aa2bd9986368ba6ac20e96662edac3aa41c931e92eeb33bf1cdc1a0fd9acd2c7d00f5edb811508097c8146bd895
SSDEEP

96:ppgclWGYEPQqHWBFxOuV2fhgK+PgA7qmmKUzNt:/iGd4q2nxOi717e

Score

7^/10

persistence

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe	9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\AppData = "C:\\Users\\Admin\\AppData\\Roaming\\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe"	9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\User = "C:\\Users\\Admin\\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe"	9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\Temp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe"	9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe

C:\Users\Admin\AppData\Local\Temp\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe
"C:\Users\Admin\AppData\Local\Temp\9fa54932e49ff8189f333aecd28edcff086820a86d5cf197381499a73a2bc277.exe"
1⤵
- Drops startup file
- Adds Run key to start application
PID:908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/908-54-0x000007FEF3A90000-0x000007FEF44B3000-memory.dmp

Filesize
10.1MB

Download
memory/908-55-0x000007FEF29F0000-0x000007FEF3A86000-memory.dmp

Filesize
16.6MB

Download