ad3bcb65313043b1a43b8fb210f3a20a87df8a8145ed9a18b086d0859616caa2

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
23-10-2023 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe
Size

124KB
MD5

a0e69d718631af37a4421fc84f658f93
SHA1

af15fa80ce962a445e4742c50d97e23cb622502b
SHA256

d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f
SHA512

93f6ec3c3d3e0bf7b007f302b18bb5e230a2b390663d4030d1614a1e5e7417a3e4ed7229a601805618d8adc6a768f7b598543f38c9b67cb585c10d9f7ec88bce
SSDEEP

1536:yJdAwtDCFXLkauQpeVwLXJi+bfE2i0JL4iDSiLseoM4gkuSrgJsTUZ:yfDCFime85vjiKIYr4gtSUKTUZ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3125601242-331447593-1512828465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\services = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe"	d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe

Drops file in Program Files directory 2 IoCs

Processes:

d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe

description	ioc	process
File created	C:\Program Files\coder196087.StartExport.htm	d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe
File created	C:\Program Files\!_VNIMANIE_!.txt	d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe

C:\Users\Admin\AppData\Local\Temp\d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe
"C:\Users\Admin\AppData\Local\Temp\d278eb3d6cc29c6de4b086aaa6214412d62fe2bb850c0ead63a403c3a24b2c8f.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
PID:2740

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\!_VNIMANIE_!.txt
Filesize
132B

MD5
3b06de7db9f7dd33de012e3658d3e435

SHA1
cbffebf617fb64eb172e2ae16eb967d7ecc4b5ac

SHA256
ce8f47de2ec567b50c1a9f334597082ee8a3e44b19cec03bf35b99d674acf78c

SHA512
eef6c79285b203b56b9ff1a7528f27e1d9c6d8bc7f2160823de1d0835ecb98b17887d49d650b8358943837efacbe571b5965e95f868d23b459905dbc07105daf

Download Submit
memory/2740-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download