c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8

Analysis

max time kernel
177s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe
Size

324KB
MD5

ff3143f6754bf84508798d467b39acc6
SHA1

43066efe4b83e00600689b5b4312fb31db2fd9a9
SHA256

c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8
SHA512

d99f5dc11bb392768b11b2b3990466335b879627d86c64e861b1bf88fdedbfb95975221212f953ffcc22b2e576964aaa6eda3a9bc8f59198ae52785d737e4cdd
SSDEEP

6144:3zLpkq+syinifGR19KyiQvM0WjLbZJcNaSMI9:33uA19KyvvMljLbALf

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\regscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe"	c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices	c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\regscan = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe"	c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe

C:\Users\Admin\AppData\Local\Temp\c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe
"C:\Users\Admin\AppData\Local\Temp\c455ac14638af5e6e948f6c9d633f2cbe7a34b03da8d39b97d292cf5f1befdf8.exe"
1⤵
- Adds Run key to start application
PID:3388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads