94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a

Analysis

max time kernel
246s
max time network
349s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 13:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Size

364KB
MD5

aac32afc834831ca72e304c92e2496af
SHA1

1316cc74b1d361d8e0ff3839c3d9e681025b4126
SHA256

94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a
SHA512

8cc0fbe8e9f3768c105b60b6eec72a852af7d9143026610fa0c3e89516feef5d1cee45ccbd83dc289c05ca456a62cde0f8ea2c970f1ce6b54d72a6d8ba4ed29d
SSDEEP

6144:M+wP3nzcl/uNRjhR7uRB710wmYmN7CS/BFh6kZS:jlm/jhduX10wyN73P65

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 18 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\ = "Microsoft Windows Media Player 12.0"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,7601,17514"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\wmsetup.log	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms\Source Filter = "{C9F5FE02-F851-4eb5-99EE-AD602AF1E619}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSBD	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asx\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\AVI	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MMSU	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmv\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wma = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\WAVE	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\DefaultIcon\ = "C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe,-120"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wm	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wvx = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers\WMPBurnAudioCD\ = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmv	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\FriendlyTypeName = "@C:\\Windows\\inf\\unregmp2.exe,-9924"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wma	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\Source Filter = "{e436ebb5-524f-11ce-9f53-0020af0ba770}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.wmdb\ = "WMP.WMDBFile"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSBD\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wax	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wma\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wvx	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex\ContextMenuHandlers	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\shellex\ContextMenuHandlers	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\SubType = "{a98c8400-4181-11d1-a520-00a0d10129c0}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asf	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Extensions\AU	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\NoOpen	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\ = "Windows Media Library"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DA4E3DA0-D07D-11d0-BD50-00A0C911CE86}\Instance\{083863F1-70DE-11d0-BD40-00A0C911CE86}	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMS\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wax\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wm\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asx = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.nsc = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile\shellex\ContextMenuHandlers\WMPBurnAudioCD\ = "{8DD448E6-C188-4aed-AF92-44956194EB1F}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.m3u\Media Type = "{e436eb83-524f-11ce-9f53-0020af0ba770}"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0\0 = "0,4,ffdfdfdf,3C53414d"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MMST\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asf\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.asx	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asf = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.asp = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\RIFFHandlers\AVI	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WMP.WMDBFile\DefaultIcon	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.dvr-ms	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmx	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wmx\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmx = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wmv = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{33FACFE0-A9BE-11d0-A520-00A0D10129C0	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.wvx\Animation = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\http\AnimExtensions\.wm = "dxmasf.dll,150"	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\wmafile	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AVIFile\Compressors\auds	94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe

C:\Users\Admin\AppData\Local\Temp\94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe
"C:\Users\Admin\AppData\Local\Temp\94ba6ec33124fde873bf5a2ff35187ea8db35b7671457ed47049bb301bfe537a.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/756-54-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download
memory/756-55-0x0000000001000000-0x000000000109F000-memory.dmp

Filesize
636KB

Download
memory/756-56-0x0000000000370000-0x000000000040F000-memory.dmp

Filesize
636KB

Download
memory/756-57-0x0000000000370000-0x000000000040F000-memory.dmp

Filesize
636KB

Download
memory/756-58-0x0000000001000000-0x000000000109F000-memory.dmp

Filesize
636KB

Download
memory/756-59-0x0000000000370000-0x000000000040F000-memory.dmp

Filesize
636KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads