89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75

Analysis

max time kernel
142s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Size

84KB
MD5

575f663107228099bda0f82085ce6aaa
SHA1

e2cbad8352467e33d28fd3846710d0ad8e212889
SHA256

89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75
SHA512

dfeb9a7387c333d787066dfc66178f385b2227e1ecbd6b5a331759afdf07bdf15a9def029b6cdb0243a8e9ff4a8debb95972815653060d01b407ee701d8e9593
SSDEEP

1536:/g7xAYN4Uq0LgMYm+e848YfsPtsU6aL3AEBo1:uAY/qeWF4+3p

Score

8^/10

persistence

Malware Config

Signatures

Sets file execution options in registry 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmapapp.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McShield.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ufseagnt.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmapapp.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.xe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpdaterUI.exe	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp\Debugger = "C:\\WINDOWS\\system32\\migpwd.exe"	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe

Suspicious behavior: EnumeratesProcesses 57 IoCs

pid	Process
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Token: SeDebugPrivilege	1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
Token: SeDebugPrivilege	1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1088	89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe

C:\Users\Admin\AppData\Local\Temp\89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe
"C:\Users\Admin\AppData\Local\Temp\89618f868e7a93f67c685018b453903a6009336f6ebc0b43c5df404a3ec06e75.exe"
1⤵
- Sets file execution options in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1088-56-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/1088-57-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1088-58-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download