Analysis
-
max time kernel
6s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
27-05-2023 10:54
General
-
Target
trial autoreset.exe
-
Size
178KB
-
MD5
224fbfdb25aa26a626748a4b1bff537d
-
SHA1
5bed1ae77f8bb4e82a98c33781c05be0319dc6de
-
SHA256
4b11345f599c34fa40d32bebbe4763034fb97b97dacf1993eff0e3c99dd73dfd
-
SHA512
78b53909280f42758bb4dabea9602a873a238928ff5d7aaf4a009dd8c631acba5ede00cf9ca3844636fb2e6597978582640c8190a14a8b759ff713671c8101cf
-
SSDEEP
3072:xwxVMhOC/dTDbq91+mno3t4QZQ3rs2TTNTJTCN5gTGhSkT5dgsUGOgkBFVYbsVTZ:xTfFDbRnOTrEW0ct
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Runs .reg file with regedit 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\trial autoreset.exe"C:\Users\Admin\AppData\Local\Temp\trial autoreset.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Windows\reskey.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regedit.exeregedit /s remkey.reg3⤵
- Adds Run key to start application
- Runs .reg file with regedit
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
480B
MD5ce60d15b5cf5cec004e180bf6895dcd2
SHA17982a353a231311cd230e5cfe96d2170ee87eb1f
SHA256cb388905bce903c41db4815f6dd3978d7746e27da29822c70d15be184cd98e05
SHA512c75624cabb902ba7fe2821360b30bd352fe3e36ee30069a7909f112c63be7287e6b750ad86a2c5e2590f8a74a2e6e0ee801057eaac63d25024b1ffcd457e1927
-
Filesize
59B
MD563499244564d803ced1efcfa08d385cd
SHA133cc307e584588e0f6d10941e99c5ddce38dc264
SHA256d5bef8f9ac790d33ab32bb906924d0b90fd7e3397cf24db4b200192069ae11df
SHA512427c3572d86b7571e0d2e37c94c02d4d85988d528b0c124759e6e8c65e183883f8ceff8cb4829e922c1a73555376c5fc3b513772d3a2c06dccd2227d00f4334e
-
Filesize
216KB