8194bf38930cdf933f465543e169c866362b21e5388d6e115da17938dcde4183

General

Target

2_1.3.0.5.exe
Size

2.9MB
MD5

286bb1cf6e6baf9aabb57f7cb019276c
SHA1

32d0280458e79b63035d1da4c00a304873ef50a7
SHA256

8194bf38930cdf933f465543e169c866362b21e5388d6e115da17938dcde4183
SHA512

3739118194e3d3092f25504ce6f5c97479198afaa24c9d5a5e88c3ba7b5bee7a675903ddc38605a549068cc177aae0946bbd09523b7c0469568bc512c5b506f5
SSDEEP

49152:SqvB2J/AjYwZYdK/wGhMt5edMFxjfyW153EZXPGutPn6MdE4cmkKXL7D15:SqvB2J/AswZOGWt5lFxjqWsnl6vmp

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 5 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5878457637EDD136043E286DBDF8C18DD3092F06	2_1.3.0.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5878457637EDD136043E286DBDF8C18DD3092F06\Blob = 0f00000001000000200000001e512e684cc09af5297fc3f101ce4fd3c23bc7a46d8a6899fb277f9a3eb4f6a90300000001000000140000005878457637edd136043e286dbdf8c18dd3092f062000000001000000f9020000308202f5308201dda00302010202106a2478c622098faca20820df7f4f7646300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3233303932383230303030305a170d3238303932363230303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b986ed05a365e4b9c054614af72af0fe92113dd74ba9c6f9d49d5791a11109b84edad09cc15044bca15e37d5ceaa15380893f41542ac02c655306db8ee9c691977133c86046de71593fce82c3b3dbfc1e36a55d36916b3bbaa35716a966e7aa2be1239e33c710ca716c95768a49b6267625262f61ae6d824cecd19a23b4b4655eec58b060e7b9e3ae9e07dbe35d208bb73792a3c12682373c1700bc9543b105b7bb603923a52c24bd52fe536d1678ceae766c6e872e776b3aea50e58171e63e9db6c40998175a25e8e3b88e3be6da5aa08e886f79ad18925d12ba2aaa1433cd33cf9c6a9f6b7fcc51c9be71afa29abd30a2bd4bcaaeeef7e8bf41bbfd47bbb830203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db300d06092a864886f70d01010b0500038201010034ad69ec6e80d56599cee407b847b41a9288d520d161b67bc31e67d0c9899b07c6826169035f6556f8e145b4c305dd997ab540ee8faf2f86629f9ea6278684c85f17c6116e41d413de1efa90a22878e039ef7da834ea089801005138eb09b1107b4a34f6ed0165cf5d0b77a1506a9d61b7de84c8e502c52dc76bd4f4c9fbbc2bd8770981446e190b8ed7f9607c879da69f4e881022f0479be2edfc091699d2cd386f248b0ceadec892c626890a82c4443e6abec41e5d6129b5af934287c294100958a12748ec8cdfcdcd979e6682854610c3423a81ab44e3faf1c5a2c7209e34c04624194770c28db185b3ff2517697aaf01adceb03e354c3a5d448b931713a3	2_1.3.0.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5878457637EDD136043E286DBDF8C18DD3092F06\Blob = 140000000100000014000000aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db0300000001000000140000005878457637edd136043e286dbdf8c18dd3092f060f00000001000000200000001e512e684cc09af5297fc3f101ce4fd3c23bc7a46d8a6899fb277f9a3eb4f6a92000000001000000f9020000308202f5308201dda00302010202106a2478c622098faca20820df7f4f7646300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3233303932383230303030305a170d3238303932363230303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b986ed05a365e4b9c054614af72af0fe92113dd74ba9c6f9d49d5791a11109b84edad09cc15044bca15e37d5ceaa15380893f41542ac02c655306db8ee9c691977133c86046de71593fce82c3b3dbfc1e36a55d36916b3bbaa35716a966e7aa2be1239e33c710ca716c95768a49b6267625262f61ae6d824cecd19a23b4b4655eec58b060e7b9e3ae9e07dbe35d208bb73792a3c12682373c1700bc9543b105b7bb603923a52c24bd52fe536d1678ceae766c6e872e776b3aea50e58171e63e9db6c40998175a25e8e3b88e3be6da5aa08e886f79ad18925d12ba2aaa1433cd33cf9c6a9f6b7fcc51c9be71afa29abd30a2bd4bcaaeeef7e8bf41bbfd47bbb830203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db300d06092a864886f70d01010b0500038201010034ad69ec6e80d56599cee407b847b41a9288d520d161b67bc31e67d0c9899b07c6826169035f6556f8e145b4c305dd997ab540ee8faf2f86629f9ea6278684c85f17c6116e41d413de1efa90a22878e039ef7da834ea089801005138eb09b1107b4a34f6ed0165cf5d0b77a1506a9d61b7de84c8e502c52dc76bd4f4c9fbbc2bd8770981446e190b8ed7f9607c879da69f4e881022f0479be2edfc091699d2cd386f248b0ceadec892c626890a82c4443e6abec41e5d6129b5af934287c294100958a12748ec8cdfcdcd979e6682854610c3423a81ab44e3faf1c5a2c7209e34c04624194770c28db185b3ff2517697aaf01adceb03e354c3a5d448b931713a3	2_1.3.0.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5878457637EDD136043E286DBDF8C18DD3092F06\Blob = 040000000100000010000000f492249ec1825d6398922252f177f7000f00000001000000200000001e512e684cc09af5297fc3f101ce4fd3c23bc7a46d8a6899fb277f9a3eb4f6a90300000001000000140000005878457637edd136043e286dbdf8c18dd3092f06140000000100000014000000aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db2000000001000000f9020000308202f5308201dda00302010202106a2478c622098faca20820df7f4f7646300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3233303932383230303030305a170d3238303932363230303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b986ed05a365e4b9c054614af72af0fe92113dd74ba9c6f9d49d5791a11109b84edad09cc15044bca15e37d5ceaa15380893f41542ac02c655306db8ee9c691977133c86046de71593fce82c3b3dbfc1e36a55d36916b3bbaa35716a966e7aa2be1239e33c710ca716c95768a49b6267625262f61ae6d824cecd19a23b4b4655eec58b060e7b9e3ae9e07dbe35d208bb73792a3c12682373c1700bc9543b105b7bb603923a52c24bd52fe536d1678ceae766c6e872e776b3aea50e58171e63e9db6c40998175a25e8e3b88e3be6da5aa08e886f79ad18925d12ba2aaa1433cd33cf9c6a9f6b7fcc51c9be71afa29abd30a2bd4bcaaeeef7e8bf41bbfd47bbb830203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db300d06092a864886f70d01010b0500038201010034ad69ec6e80d56599cee407b847b41a9288d520d161b67bc31e67d0c9899b07c6826169035f6556f8e145b4c305dd997ab540ee8faf2f86629f9ea6278684c85f17c6116e41d413de1efa90a22878e039ef7da834ea089801005138eb09b1107b4a34f6ed0165cf5d0b77a1506a9d61b7de84c8e502c52dc76bd4f4c9fbbc2bd8770981446e190b8ed7f9607c879da69f4e881022f0479be2edfc091699d2cd386f248b0ceadec892c626890a82c4443e6abec41e5d6129b5af934287c294100958a12748ec8cdfcdcd979e6682854610c3423a81ab44e3faf1c5a2c7209e34c04624194770c28db185b3ff2517697aaf01adceb03e354c3a5d448b931713a3	2_1.3.0.5.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5878457637EDD136043E286DBDF8C18DD3092F06\Blob = 190000000100000010000000cd9a6a954e392253edff3c33f51b79de140000000100000014000000aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db0300000001000000140000005878457637edd136043e286dbdf8c18dd3092f060f00000001000000200000001e512e684cc09af5297fc3f101ce4fd3c23bc7a46d8a6899fb277f9a3eb4f6a9040000000100000010000000f492249ec1825d6398922252f177f7002000000001000000f9020000308202f5308201dda00302010202106a2478c622098faca20820df7f4f7646300d06092a864886f70d01010b050030133111300f06035504031308436c6f75644e6574301e170d3233303932383230303030305a170d3238303932363230303030305a30133111300f06035504031308436c6f75644e657430820122300d06092a864886f70d01010105000382010f003082010a0282010100b986ed05a365e4b9c054614af72af0fe92113dd74ba9c6f9d49d5791a11109b84edad09cc15044bca15e37d5ceaa15380893f41542ac02c655306db8ee9c691977133c86046de71593fce82c3b3dbfc1e36a55d36916b3bbaa35716a966e7aa2be1239e33c710ca716c95768a49b6267625262f61ae6d824cecd19a23b4b4655eec58b060e7b9e3ae9e07dbe35d208bb73792a3c12682373c1700bc9543b105b7bb603923a52c24bd52fe536d1678ceae766c6e872e776b3aea50e58171e63e9db6c40998175a25e8e3b88e3be6da5aa08e886f79ad18925d12ba2aaa1433cd33cf9c6a9f6b7fcc51c9be71afa29abd30a2bd4bcaaeeef7e8bf41bbfd47bbb830203010001a3453043300e0603551d0f0101ff04040302010630120603551d130101ff040830060101ff020101301d0603551d0e04160414aa23aa0746c1ba2d239f72d9068dd9b5ee2a37db300d06092a864886f70d01010b0500038201010034ad69ec6e80d56599cee407b847b41a9288d520d161b67bc31e67d0c9899b07c6826169035f6556f8e145b4c305dd997ab540ee8faf2f86629f9ea6278684c85f17c6116e41d413de1efa90a22878e039ef7da834ea089801005138eb09b1107b4a34f6ed0165cf5d0b77a1506a9d61b7de84c8e502c52dc76bd4f4c9fbbc2bd8770981446e190b8ed7f9607c879da69f4e881022f0479be2edfc091699d2cd386f248b0ceadec892c626890a82c4443e6abec41e5d6129b5af934287c294100958a12748ec8cdfcdcd979e6682854610c3423a81ab44e3faf1c5a2c7209e34c04624194770c28db185b3ff2517697aaf01adceb03e354c3a5d448b931713a3	2_1.3.0.5.exe

C:\Users\Admin\AppData\Local\Temp\2_1.3.0.5.exe
"C:\Users\Admin\AppData\Local\Temp\2_1.3.0.5.exe"
1⤵
- Modifies system certificate store
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-0-0x0000000000D80000-0x00000000010EF000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing