778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a

General

Target

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Size

363KB
MD5

01bc3df99ab67babcdc1577241e3ee87
SHA1

c11c6465d4de6b6588b565c577a9eaad80d409d4
SHA256

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a
SHA512

107ca576ed9599a079f9c2e90ede1f60313a59c0c46b99272665a5d8b56166dc7af422b9e8cd65c20fd7f878d03c64a06ed0af943b95967e92b8ccb4aabc6a95
SSDEEP

6144:x/LzDM0Y/Wuw3iNcTfi5xExViGUTuQj9gZaM5:x/PD8WDyGViBTlj6ZD

Score

10^/10

evasion trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

Processes:

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

pid	process
3520	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
3520	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

description pid process

Token: SeDebugPrivilege 3520 778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

description	pid	process
Token: SeDebugPrivilege	3520	778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe

C:\Users\Admin\AppData\Local\Temp\778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe
"C:\Users\Admin\AppData\Local\Temp\778bd7b213d42773deeb1df58089f30fc9310555a97a9654a90afb63208bbc9a.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Windows security modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3520

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Disabling Security Tools

2

T1089

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3520-116-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-117-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-118-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-119-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-120-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-121-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-122-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-123-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-124-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-125-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-126-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-127-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-128-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-129-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-130-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-131-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-132-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-133-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-134-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-135-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-136-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-137-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-138-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-139-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-141-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-142-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-143-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-144-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-145-0x0000000000480000-0x000000000052E000-memory.dmp

Filesize
696KB

Download
memory/3520-146-0x00000000021B0000-0x00000000021DD000-memory.dmp

Filesize
180KB

Download
memory/3520-148-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-147-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/3520-149-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-150-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-151-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-153-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-152-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-154-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-155-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-156-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-157-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-158-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-159-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-160-0x0000000002390000-0x00000000023AA000-memory.dmp

Filesize
104KB

Download
memory/3520-161-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-162-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-163-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-164-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-165-0x0000000004E40000-0x000000000533E000-memory.dmp

Filesize
5.0MB

Download
memory/3520-166-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-167-0x0000000002670000-0x0000000002688000-memory.dmp

Filesize
96KB

Download
memory/3520-168-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-169-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-170-0x0000000000480000-0x000000000052E000-memory.dmp

Filesize
696KB

Download
memory/3520-171-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download
memory/3520-172-0x0000000077A00000-0x0000000077B8E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-173-0x0000000000400000-0x0000000000476000-memory.dmp

Filesize
472KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads