db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20-08-2023 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Size

1.3MB
MD5

f89088ff385c4d93ad9cf9173cd1a41a
SHA1

c1d4d59a6845670cf3d97d78f87b57bda0c9e3d8
SHA256

db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07
SHA512

deb9bcdf39c730125ff3a378f7c22ab97df7cf6745ef43af1add3746534c330e91577abdd05814eff85df925d7facf0290863e326e76b30c350f259c71be83ea
SSDEEP

24576:VcR2GXFIM2a3bSMMCwBLIMz0ts+l0GDSVXT5XwSzd0pE3x/ya:iVIM2qbSMMCwrJLXT5X9KIx1

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
Token: SeDebugPrivilege	3044	db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe

C:\Users\Admin\AppData\Local\Temp\db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe
"C:\Users\Admin\AppData\Local\Temp\db01129d63006e820545aefcb8bfb0d582ef7b241cf8dd7a1942e80597f74e07.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f14f54aa4978e3174514f64fe80e12c

SHA1
8f5e9df241f0e7035bfdd85a6fb0b6a8ea1554bc

SHA256
c360b78b470053d667a9be0a6a7aebc60231eff70db359110c01de6a6765e145

SHA512
6629ed405823b4f37331edf58ac7407260079f224bcb9e39a504a4eaaef90f00c10e0dc4f2e0ecc3d4724f7c9983389547008cffbaa3e38d9084331f3d00823a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a5d8299f687b4ce520d35425a4577c6

SHA1
d5c2b64b32d0c87d90b9d4d29e1f7a7a0ce47521

SHA256
ab10b55b835dd9d5749aa213f772b5129281078776d449be3c15d0e03327d43e

SHA512
878b23253f6ec78ef6e4b2e2bee52e9e26865911ae5e5b0754c21c3351c8ae90552aec92ac8e20cd98fd364d13af82317e0eac8c386fb2fd8b6f6ab26d639604

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE581.tmp

Filesize
62KB

MD5
3ac860860707baaf32469fa7cc7c0192

SHA1
c33c2acdaba0e6fa41fd2f00f186804722477639

SHA256
d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

SHA512
d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE5A3.tmp

Filesize
164KB

MD5
4ff65ad929cd9a367680e0e5b1c08166

SHA1
c0af0d4396bd1f15c45f39d3b849ba444233b3a2

SHA256
c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

SHA512
f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

Download Submit
memory/3044-59-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3044-58-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3044-60-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/3044-65-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/3044-64-0x000007FEF6150000-0x000007FEF6B3C000-memory.dmp

Filesize
9.9MB

Download
memory/3044-66-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/3044-54-0x0000000001E10000-0x0000000001E44000-memory.dmp

Filesize
208KB

Download
memory/3044-57-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/3044-56-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/3044-55-0x000007FEF6150000-0x000007FEF6B3C000-memory.dmp

Filesize
9.9MB

Download
memory/3044-185-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3044-186-0x0000000001DF0000-0x0000000001DFA000-memory.dmp

Filesize
40KB

Download
memory/3044-187-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download