Analysis
-
max time kernel
176s -
max time network
166s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
19-12-2023 11:18
General
-
Target
1255bd5c3d2bfea5e6c9e3396f2ea677.exe
-
Size
1.4MB
-
MD5
1255bd5c3d2bfea5e6c9e3396f2ea677
-
SHA1
b6e0eb24437baf5ea87d57a8fb73a47cd321482c
-
SHA256
c3aee7534aefcf6c781c7faea34c6666d9c67deb7565ecf3e8f76b821e5174c4
-
SHA512
19e94d1055e34eda89359ee63a7635f316832953d57cdfe2912208183eec4a8263793bdad08ca5c45a7709c237b76e69cd6b2fcc1cdce4fdf406da2b19751ae3
-
SSDEEP
24576:n67MnVnpA1lmTx8MmA07AaSuDSwdKE6EhDK67MnVnpA1lmTx8MmA07AaSuDSwdIy:67N1ahCK0V7N1ahCQ0
Score
10/10
Malware Config
Signatures
-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload 6 IoCs
-
Sets file execution options in registry 2 TTPs 64 IoCs
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1255bd5c3d2bfea5e6c9e3396f2ea677.exe"C:\Users\Admin\AppData\Local\Temp\1255bd5c3d2bfea5e6c9e3396f2ea677.exe"1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\srtsrv32.exe"C:\Windows\system32\srtsrv32.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"3⤵
- Sets file execution options in registry
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"4⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"5⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"6⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"7⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"8⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"9⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"10⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"11⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"12⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"13⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"14⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"15⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"16⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"17⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"18⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"19⤵
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"20⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"21⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"22⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"23⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"24⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"25⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"26⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"27⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"28⤵
- Sets file execution options in registry
- Executes dropped EXE
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"29⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"30⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"31⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"32⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"33⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"34⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"35⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"36⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"37⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"38⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"39⤵
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"40⤵
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"41⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"42⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"43⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"44⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"45⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"46⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"47⤵
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"48⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"49⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"50⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"52⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"53⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"54⤵
- Sets file execution options in registry
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"55⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"56⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"57⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"58⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"59⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"60⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"61⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"62⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"63⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"64⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"65⤵
- Sets file execution options in registry
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"66⤵
- Checks computer location settings
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"67⤵
- Sets file execution options in registry
- Checks computer location settings
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"68⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"69⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"70⤵
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"71⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"72⤵
- Sets file execution options in registry
- Checks computer location settings
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"73⤵
- Sets file execution options in registry
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"74⤵
- Sets file execution options in registry
- Checks computer location settings
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"75⤵
- Sets file execution options in registry
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"76⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"77⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"78⤵
- Sets file execution options in registry
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"79⤵
- Sets file execution options in registry
- Checks computer location settings
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"80⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"81⤵
- Sets file execution options in registry
- Checks computer location settings
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"82⤵
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"83⤵
- Sets file execution options in registry
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"84⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"85⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"86⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"87⤵
- Checks computer location settings
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"88⤵
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"89⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"90⤵
- Sets file execution options in registry
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"91⤵
- Sets file execution options in registry
- Checks computer location settings
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"92⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"93⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"94⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"95⤵
- Checks computer location settings
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"96⤵
- Sets file execution options in registry
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"97⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"98⤵
- Sets file execution options in registry
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"99⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"100⤵
- Adds Run key to start application
- Drops file in System32 directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"101⤵
- Sets file execution options in registry
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"102⤵
- Sets file execution options in registry
- Checks computer location settings
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"103⤵
- Sets file execution options in registry
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"104⤵
-
C:\Windows\SysWOW64\LSASSMGR.EXE"C:\Windows\system32\LSASSMGR.EXE"105⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Windows\SysWOW64\lssmon.exe"C:\Windows\system32\lssmon.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD5adc7b1becdd2018221d87b7cf738d89d
SHA15bbd8784574e8ac60e6fec0413b02408bf55fb04
SHA2567cbfbbb179dc77b97d6442ad947cd93a23a723900a5d15c0d905b2cd16faa243
SHA5120e2e93afef64f35def8f72ef7df2e9c8ecba338928ddf02e0f8b2e8ee94c689679c8be86d0ee8ec9cb7faf592889a127c22eacd14dd21cf3b487ddd32f9b5495
-
Filesize
1.4MB
MD5050095e26e4a97a90966f7fd4b201c9c
SHA1539e401689b947e7e5c32f5669eb3a75b0e4a82a
SHA2566d83a5141500c2b8bc9430d380c78571126c17ea793a12f64b10b01b743ff0f8
SHA5128ec102bf57e408e2afac200625826301a90b2a37e50991b218d33407c0ebad50bc49c58e1b6a485e06ecdffb433c8908306f6d01f06768032083c679a6711821
-
Filesize
17KB
MD5c629c409b43b89206b8b674766cf78b6
SHA1f5432c18dee27569eb6f04e8729fb6822dc584c4
SHA256326c4b70b5d361c8b675db250116c4a4a656cc570c3d318c3b2873edfc0f2809
SHA512cfa0feaff4b11656058a13106b117e8dddfc21e69de6bbd6cd570a788ec5b1e7c63985272724e23dc411a469d08621e638acdd2ef194a5b3cdb86fd6bc2d502b
-
Filesize
772KB
-
Filesize
4KB
-
Filesize
772KB
-
Filesize
772KB
-
Filesize
4KB
-
Filesize
772KB
-
Filesize
4KB
-
Filesize
772KB