44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0

General

Target

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Size

341KB
MD5

3e992824465f02894e443cc255fff678
SHA1

0c95d1a78a548c60da4f2c15465efd2e122bb8da
SHA256

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0
SHA512

becd6d844a43ad48d6c0b9af2cbf15b7f6085c5bab5c4eae4bd909b0064c7fca22a6601b94416f86a9e51a4a6f88cdbe73723a2862ff25c222b2f75809d3b9a3
SSDEEP

3072:C590b6bbtLvW6RGwcpOarU+uLjxIBOeorP6hbHR3UiumZe6uQjiMTE5KlafM:CIktLe566IxIEvqDR3Upz6uQj91la

Score

10^/10

evasion trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 5 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

Processes:

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

pid	process
2900	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
2900	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

description pid process

Token: SeDebugPrivilege 2900 44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

description	pid	process
Token: SeDebugPrivilege	2900	44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe

C:\Users\Admin\AppData\Local\Temp\44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe
"C:\Users\Admin\AppData\Local\Temp\44946a180522e0a95656ed6be0cdb70acf648b7c3eae27850762ac344b05f8d0.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Windows security modification
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2900-115-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-116-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-117-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-118-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-119-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-120-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-121-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-122-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-123-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-124-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-125-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-126-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-127-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-128-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-129-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-130-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-131-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-132-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-133-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-134-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-135-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-136-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-137-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-138-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-139-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-140-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-141-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-142-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-144-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-143-0x000000000065C000-0x000000000067C000-memory.dmp

Filesize
128KB

Download
memory/2900-146-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2900-145-0x0000000000500000-0x000000000064A000-memory.dmp

Filesize
1.3MB

Download
memory/2900-147-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-148-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-149-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-150-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-151-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-152-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-153-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-154-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-155-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-156-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-157-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-158-0x0000000002430000-0x000000000244A000-memory.dmp

Filesize
104KB

Download
memory/2900-159-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-160-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-161-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-162-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-163-0x0000000004CD0000-0x00000000051CE000-memory.dmp

Filesize
5.0MB

Download
memory/2900-164-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-165-0x00000000025E0000-0x00000000025F8000-memory.dmp

Filesize
96KB

Download
memory/2900-166-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-167-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-168-0x000000000065C000-0x000000000067C000-memory.dmp

Filesize
128KB

Download
memory/2900-169-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download
memory/2900-170-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/2900-171-0x0000000000400000-0x0000000000471000-memory.dmp

Filesize
452KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads