09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-12-2023 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Size

1.3MB
MD5

d9859e9eebc0aff762570ed16bab695e
SHA1

99642074ac1fd217bbf481c60d91f3b6d362beb7
SHA256

09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2
SHA512

e4bc9ddeb862f686be0df83c8bfb3d4192352b5bb2ac29b7ff0e61b327e8889cbdfb0749bc13476b90011888512e214372368290356f1df32573b1a92270db20
SSDEEP

24576:w7JeIlrXu6oaYtM0ZZ44i68yhhIvgrQL7DSVXT5Xyhya:oJhlrXcaKMGZAyhRvXT5X01

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
Token: SeDebugPrivilege	1732	09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe

C:\Users\Admin\AppData\Local\Temp\09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe
"C:\Users\Admin\AppData\Local\Temp\09e2bed9f8e2b5211157c6d9b326e1b6cb02b103acb74ac5bfd020c20a8f33d2.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fb3792edb3e7544c69e2cf86878faf91

SHA1
aded2e17f4a2b1e0da27afb9d2f5ac1601984996

SHA256
a49b3a12ad59fbf39dec5c96f1cac1185c1639953167ed2cefd1f160a1a468c2

SHA512
418a53af0318ae065ab219fe39b9a438c962a588115530070e1c4561bf33321da2fb6c85268fd02e307f2ce7e5e590fa49ea4ca4654e2871d14eebc812794538

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab167F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar171E.tmp

Filesize
168KB

MD5
dc0ae51669e77e6fabf485034fd6df0e

SHA1
22d9e961bf308bd444b4f3e2ab15de556b509fac

SHA256
27c99076d338e39f88aef948dac1bd542f7532af052a1876ae770a2c82bad3b1

SHA512
030da1e1d22c4bb9bfc950e1f7bdeb8889c94b1acfd4ddbf31897f27bee40c0104ffd300c5b335e923d120225676ac0fe057b35bb0cfc650e2b33ea55a5abdf3

Download Submit
memory/1732-3-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/1732-6-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/1732-5-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1732-4-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1732-10-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/1732-0-0x00000000002C0000-0x00000000002F4000-memory.dmp

Filesize
208KB

Download
memory/1732-2-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/1732-1-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-91-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-92-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download
memory/1732-93-0x0000000000310000-0x000000000031A000-memory.dmp

Filesize
40KB

Download