56f2d089cca510d59f8e1413b87b304294d4f4ce3d61ac42a4f9183a5eab4bf1

Analysis

max time kernel
180s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff1e4bf6655c460327d613cf78648096.exe
Size

24KB
MD5

ff1e4bf6655c460327d613cf78648096
SHA1

32f17db9792aeff7c8b16f53088e5fcde8920245
SHA256

56f2d089cca510d59f8e1413b87b304294d4f4ce3d61ac42a4f9183a5eab4bf1
SHA512

1accbe0bf1e3d23279f2a25f1a77b4a7b845248348ae250b83d72a871030dd0bde0a9e1e94930bac2ff6cdf49c7ac3d477d5ea319ebd5083ab80efe3cd6810bd
SSDEEP

384:bwbfIf6ymg7ABf+2C8/pqI22oL84Qay1G4R2cFnAX7:s6wc2C/ICA4fyhxtAX7

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SystemDrive = "C:\\Windows\\system32\\maxpaynow1.exe"	ff1e4bf6655c460327d613cf78648096.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\maxpaynow1.exe	ff1e4bf6655c460327d613cf78648096.exe
File opened for modification	C:\Windows\SysWOW64\maxpaynow1.exe	ff1e4bf6655c460327d613cf78648096.exe
File created	C:\Windows\SysWOW64\maxpaynow.exe	ff1e4bf6655c460327d613cf78648096.exe

C:\Users\Admin\AppData\Local\Temp\ff1e4bf6655c460327d613cf78648096.exe
"C:\Users\Admin\AppData\Local\Temp\ff1e4bf6655c460327d613cf78648096.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\maxpaynow.exe

Filesize
1KB

MD5
6914012ec5435103e52971d4cdee03e3

SHA1
3725ba5b69c7526daf5f4defcba2c029668c5a32

SHA256
acc55530c4c3fcd5a81676b17e6d021ed712ea9a057a977d41edd8be09185b8b

SHA512
479369348aa2bc621df2809209d428a5a61688ccd4cb4edf1c9d2d9292a5589b05cb1bc7f5e5160c545d701d9794a7b93640790ecab6c5d89660226661255dbf

Download Submit
memory/1852-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1852-1-0x0000000002010000-0x0000000002016000-memory.dmp

Filesize
24KB

Download
memory/1852-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1852-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1852-11-0x0000000002010000-0x0000000002016000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads