ca8525d32eb867e49f2578c0920799a32ff48b0f0e0a68f7b975a8e7092c38cd

Analysis

max time kernel
144s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49637f4210da80b5df4f5a51d188cda2.exe
Size

71KB
MD5

49637f4210da80b5df4f5a51d188cda2
SHA1

187192fd8febfb46743f8aa80b332d8c820c10f8
SHA256

ca8525d32eb867e49f2578c0920799a32ff48b0f0e0a68f7b975a8e7092c38cd
SHA512

009e0517863a1cd30fb23b57d3c5d7f9ce7bd22f5ee8b0b65f96101a0ec65bfece63818b47d8969ea54f20ebd5ee594f71c5c85172d7b3163b4402f3f6add60b
SSDEEP

1536:nl9MI1HsjPhm1LXjcJNl/LVVqPWANn/5zwIflskf5:l9MI1aJmJXjy5sWKxwIflL5

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\PcClient = "C:\\Users\\Admin\\AppData\\Local\\Temp\\49637f4210da80b5df4f5a51d188cda2.exe"	49637f4210da80b5df4f5a51d188cda2.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1972	49637f4210da80b5df4f5a51d188cda2.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1972	49637f4210da80b5df4f5a51d188cda2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1972	49637f4210da80b5df4f5a51d188cda2.exe
1972	49637f4210da80b5df4f5a51d188cda2.exe

C:\Users\Admin\AppData\Local\Temp\49637f4210da80b5df4f5a51d188cda2.exe
"C:\Users\Admin\AppData\Local\Temp\49637f4210da80b5df4f5a51d188cda2.exe"
1⤵
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1972-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1972-2-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1972-6-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1972-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1972-12-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads