306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577

Analysis

max time kernel
41s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 13:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe
Size

1.1MB
MD5

9e8bc46763b5c38fa7bca56d582215ea
SHA1

d3d6f2c4cfa4d2202eb87fd401799b2800beb1d0
SHA256

306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577
SHA512

88f863c711a5beb5f1b41729cb4a3dc2a313e9c5b903e1385ccc5e47ee7b8141bdd50dfa695c909e0f23fd599768859f3f586c85fad536894f84699dab571a19
SSDEEP

24576:js843yuAnmcO0Mk8npHCjU3+0rITzZyh+zT/rmBvyQ8EwISD7Q:UsmcOvvpHCw3J8lym7rCaQ8E/SDk

Score

8^/10

persistence upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1884-55-0x0000000000400000-0x000000000071F000-memory.dmp	upx
behavioral1/memory/1884-56-0x0000000000400000-0x000000000071F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe"	306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe

C:\Users\Admin\AppData\Local\Temp\306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe
"C:\Users\Admin\AppData\Local\Temp\306205f4e7ced6cc61785b6768f4d1c534b16bc813dbf29deb7a0359fdf85577.exe"
1⤵
- Adds Run key to start application
PID:1884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1884-54-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1884-55-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download
memory/1884-56-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download