b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d

Analysis

max time kernel
1s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 14:09

Sharing

Copy URL

Twitter E-mail

Reason

Reading agent response: read tcp 10.127.0.1:58610->10.127.0.149:8000: read: connection reset by peer

Report Analysis Logs

General

Target

b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d.exe
Size

92KB
MD5

0fd74fa00f2743ea0190fc5238c1baec
SHA1

401d7fd5d883b5b137bcb69905fa7d3efd7a277b
SHA256

b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d
SHA512

b796ae53e457c97ad3724476678de3f712869dca48a785989a68a6a2f11b7c096557b92deb16600ae078729d07288003ad742c980df0518aebedfba06d10683c
SSDEEP

1536:8sYd1OXSDu85QhERBARFl/rDaUwBKYWNK7GDpCUfkUWAlqeTCQ1ioSJlIU:8scOCDT5QUoz//aDBKYWkiMUc3Eqe/in

Score

8^/10

persistence

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\rgzwnyj.dll	b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1976	b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d.exe

C:\Users\Admin\AppData\Local\Temp\b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d.exe
"C:\Users\Admin\AppData\Local\Temp\b3a0fc960dc44bb7076bd5dafb530e22e6a87415c8361c2d3fcecb078917b80d.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1976

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1616

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1616-56-0x000007FEFC161000-0x000007FEFC163000-memory.dmp

Filesize
8KB

Download
memory/1976-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download
memory/1976-55-0x0000000001000000-0x0000000001018000-memory.dmp

Filesize
96KB

Download