c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
12-08-2023 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Size

1.9MB
MD5

4d2e543af8a08081382dfc1172399538
SHA1

3102b982b8f2baba0291963dcd56b79d696a4e3d
SHA256

c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4
SHA512

6c0ea9a82ed651bc582ae60e70399c2ecfc44a834b4ab71b1eebe6e9ea4f415a7b27a929e37f09b687973f7d0e8af1bea1a75cb856de533886c0a0fbe548fc91
SSDEEP

49152:U7gmLRegEdJScgtyOyUO5/DKpFXT5Xm9Bn1w4:U7vC+y7EpFD5S17

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
Token: SeDebugPrivilege	1300	c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe

C:\Users\Admin\AppData\Local\Temp\c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe
"C:\Users\Admin\AppData\Local\Temp\c9b4a769c7d70a33fba8b23126a27a04c22c88ea0e449343407a236c0cf3beb4.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
138b2893e78321a7a960d1b759275bf2

SHA1
fe03ca3ca22c635bf592b175c405d9be6a023a8a

SHA256
8c3270049a0135e31a146550df7abc06182d7cb4c146e463f21a0d7b07bd4704

SHA512
19624510928d2659faf209b613618641ac20e70fe836c6c551710f61c442f7c826ad8bbdb63dfb1fc169a3a014b945a8cce7c8751aaae7ddd3ce573d88965816

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
941b1322d719a127f05ca1985b6b20b6

SHA1
f416264bd70fd1bf22b4b12599820dd430ed2571

SHA256
a85392b8eb738f1ad346282d09e9fa7effdf8b47277bd620121d20a5b7768fdb

SHA512
7ad2640302154de1dcbde2f6bb87a23fd12a3467395f1f0c54a94373302c646e35a6cdc6cfa58f8719cf77fcc8da1579dae2c1459896d570b0a6b28d19d82d7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1872.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18A4.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/1300-59-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1300-58-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-60-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1300-61-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-64-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/1300-67-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-66-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-68-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-69-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-54-0x0000000000250000-0x0000000000284000-memory.dmp

Filesize
208KB

Download
memory/1300-57-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-56-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-55-0x000007FEF50D0000-0x000007FEF5ABC000-memory.dmp

Filesize
9.9MB

Download
memory/1300-212-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/1300-213-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1300-214-0x00000000002A0000-0x00000000002AA000-memory.dmp

Filesize
40KB

Download
memory/1300-215-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download