99d1d711f37401f45408c37adf208553b964a84940fc1e9f50bdd3598301ef78

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
03/09/2023, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
Size

13.8MB
MD5

19d62ae9967554e1705aaefcb50b5b63
SHA1

bd7efed4e49da162684be0e29e781d8268420c9a
SHA256

99d1d711f37401f45408c37adf208553b964a84940fc1e9f50bdd3598301ef78
SHA512

1ec97d9232ae274783b3a55bd921b5a7127cc4a4ec04da1a49d4c6b8156f15a800b32ff8bbcfdd4b3a98cd4e0a7073d0b9ab76140695076ca68a65b6aa05d714
SSDEEP

196608:wjWEjWWs3TehREvuI+kL2t0La3ZzpRvcV93dPT3E:ycT7vMkL27CV93x3E

Score

8^/10

persistence ransomware

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\windows\SysWOW64\drivers\spo0lve.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\windows\SysWOW64\drivers\spo0lve.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\spron = "C:\\Users\\Admin\\AppData\\Local\\Temp/2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe"	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\pigdesk.bmp"	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jar.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jinfo.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jrunscript.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ssvagent.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\klist.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdb.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\tnameserv.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jjs.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\xlicons.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\klist.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\keytool.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\schemagen.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\msouc.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\ohub32.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jmap.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javacpl.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\misc.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\rmiregistry.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pubs.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jcmd.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmiregistry.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\protocolhandler.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\javah.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jp2launcher.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\javaws.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jdeps.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jsadebugd.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\jstack.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\officeappguardwin32.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\SmartTagInstall.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\pack200.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0409-1000-0000000FF1CE}\misc.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\rmid.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\javaws.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jp2launcher.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\Desktop\WallpaperStyle = "2"	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\Control Panel\Desktop\TileWallpaper = "2"	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
1272	2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe

C:\Users\Admin\AppData\Local\Temp\2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe
"C:\Users\Admin\AppData\Local\Temp\2023-08-23_19d62ae9967554e1705aaefcb50b5b63_icedid_lightbolt_JC.exe"
1⤵
- Drops file in Drivers directory
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\Uninstall.exe

Filesize
13.8MB

MD5
233dbfbccf48637e8335eb8ecbf36af6

SHA1
daeedc3026f75a3037baafad441b115ea0142d5e

SHA256
a954488d54e042b043d947eef754bb75532751f63249c3f2b322517e9910f31b

SHA512
049e65c523e922242fd58227eb4799a59a594375b7edbe24d5fce0bcc2cfe7c8697aa6a63adf95de2ed9dd60b9591e97dd2e97bb856d342fa7e1ecbff5419a2e

Download Submit