a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
20-10-2023 10:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Size

1.5MB
MD5

aab6f799cfd3227988175963f7033304
SHA1

b31bf91063611716c1e9fdfb4be9f38671717746
SHA256

a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539
SHA512

ebdeacdaf6003651db7c532520cbeabb7757f64110c576f12c07fbc69bb09f9a3a3b6e2b59bb1ca12005469a6d2ce61318af6fd3878fb9aa0f999b01ffb13f19
SSDEEP

24576:WmMFxPqRfhqoVv0C/1Hdkeya3AWOENDSVXT5X3:6xyRfhqoCC1dr1w4SXT5X

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
Token: SeDebugPrivilege	1888	a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe

C:\Users\Admin\AppData\Local\Temp\a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe
"C:\Users\Admin\AppData\Local\Temp\a1d45b7b7fa32bbc504f5bb9a2c2d08666b69f34b62ac5e8bd2797e27da07539.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
26220f7137c20d1e550af0dac688b4a3

SHA1
8f7404c27e4c0056ed4afa4ba9e403202e040d07

SHA256
f0241f84f1802eb466ef761e5b470517b2adc484412ca0cf0d92704875cf487c

SHA512
fdd96d8776a0107a80c411a0a1f3ee43ed5d739be5e7679b27926bd351a3ba369aa23e552af1c2a1971d42b2c132c921ba567d3856c001f4eaf3f66efb5a6df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab758F.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar75C1.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/1888-6-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/1888-0-0x0000000000340000-0x0000000000374000-memory.dmp

Filesize
208KB

Download
memory/1888-5-0x0000000001D30000-0x0000000001D3A000-memory.dmp

Filesize
40KB

Download
memory/1888-4-0x0000000001D30000-0x0000000001D3A000-memory.dmp

Filesize
40KB

Download
memory/1888-2-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/1888-3-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/1888-1-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

Filesize
9.9MB

Download
memory/1888-97-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/1888-101-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

Filesize
9.9MB

Download
memory/1888-102-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download
memory/1888-103-0x0000000001D30000-0x0000000001D3A000-memory.dmp

Filesize
40KB

Download
memory/1888-104-0x0000000001D30000-0x0000000001D3A000-memory.dmp

Filesize
40KB

Download
memory/1888-105-0x000000001B1C0000-0x000000001B240000-memory.dmp

Filesize
512KB

Download