dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1

Analysis

max time kernel
151s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe
Size

288KB
MD5

f5b6d68d18ee14aa19c8a684504f1f6b
SHA1

b81118563c6f451ea59c9d2f7d60f9b96886694a
SHA256

dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1
SHA512

c97125dd104405589dfced4e159e2daafc180e198faac74cea047c49eae5508171e26639f1e8e052395c5f81695b4cd397c75d3f9e34dc5da4e1da7020e951a3
SSDEEP

6144:SpUNo1agvnDxkfp1ubAbyk0pUNo1agvnD:SpggvD1bA4pggvD

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1"	dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1668	dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe
1668	dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe
1668	dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe

C:\Users\Admin\AppData\Local\Temp\dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe
"C:\Users\Admin\AppData\Local\Temp\dd4ef22211ed278995d99c7012326590eb9c607116716eda4ad0b63145548fd1.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download