e3fa89b0ca3a181198107b94da5c9bb75c64b7dfcde207d9084784c5db254d85

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c3adf44877a222206872c41b403d962.exe
Size

261KB
MD5

0c3adf44877a222206872c41b403d962
SHA1

6e5b1060ee3babc747eff093b5fef1f92da87453
SHA256

e3fa89b0ca3a181198107b94da5c9bb75c64b7dfcde207d9084784c5db254d85
SHA512

71379e01fdd71d17845a68989a0dc1492670b77c3dc5c53d5f52b24e51daee2ee9cd20b452bd5022411d81919899e1f7d7e30789e04445514d770db98faa6a63
SSDEEP

3072:+xkePN3+a26pF/PFbbkk6PQKI3abogg+PG2VgRTtvnXislXMqUoJiLuyCAJeuK4q:o1ZaRpG26jdIzuyCI9K8JPCf

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\f6f4fff9e8f8feb5fee3fe = "C:\\Users\\Admin\\bsce.exe"	0c3adf44877a222206872c41b403d962.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2892	0c3adf44877a222206872c41b403d962.exe

C:\Users\Admin\AppData\Local\Temp\0c3adf44877a222206872c41b403d962.exe
"C:\Users\Admin\AppData\Local\Temp\0c3adf44877a222206872c41b403d962.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads