e6fc605f25c6c84e539ac9244ad464251452cac1b27b27727ffec5737d00dd92

Analysis

max time kernel
42s
max time network
60s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/02/2023, 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2d86254714ec18e97bf11a23615ea5f727b9848.exe
Size

21KB
MD5

e312385f64e6b8fd667b4f9b5ea1ff70
SHA1

f2d86254714ec18e97bf11a23615ea5f727b9848
SHA256

e6fc605f25c6c84e539ac9244ad464251452cac1b27b27727ffec5737d00dd92
SHA512

9c8fcafa50ea91421f26a24440ad734126774969c4ee9ead9978b8738bf8eb4da11c0165d80d4eb8479475ceda43afd580efa86f8ad2cb94ba2d26048dfe9155
SSDEEP

384:jPCRrF9VrFq1CRz7nHYX8Nw1aKtaQDXZUmgB1b9To8J91ir:jCV+sQWwcKtWmORTo8O

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Swasdqwds = "C:\\Users\\Admin\\AppData\\Local\\Temp\\f2d86254714ec18e97bf11a23615ea5f727b9848.exe"	f2d86254714ec18e97bf11a23615ea5f727b9848.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	f2d86254714ec18e97bf11a23615ea5f727b9848.exe

C:\Users\Admin\AppData\Local\Temp\f2d86254714ec18e97bf11a23615ea5f727b9848.exe
"C:\Users\Admin\AppData\Local\Temp\f2d86254714ec18e97bf11a23615ea5f727b9848.exe"
1⤵
- Adds Run key to start application
PID:884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/884-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download