a8e2a996c913eb390bd0074d461a97156ad7395ae5ca856c2a6e6c14be534e2d

General

Target

09614e70ccc217403b852420ff7c9a94.exe
Size

402KB
MD5

09614e70ccc217403b852420ff7c9a94
SHA1

e8a5691810a49873d4bdccf6776510a2db6c17d4
SHA256

a8e2a996c913eb390bd0074d461a97156ad7395ae5ca856c2a6e6c14be534e2d
SHA512

d51c22dd923b2733c60d8e185f64e45a34158119852e721bfdae80e893e8c1d779063bc2a84c2cb593bd05dcc64f1bf47da32bdd903eb8b5976c058d1995afc7
SSDEEP

6144:lw/1POelIqtW+YPjXbs0CsgEn4yr2BdjRbv2ixvD3OR6DF7DSeFr7knGyHM:lw/1PmPLssgETrA5Rl66VS+I

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2612	33A2E4F0.exe

Loads dropped DLL 2 IoCs

pid	Process
1788	09614e70ccc217403b852420ff7c9a94.exe
1788	09614e70ccc217403b852420ff7c9a94.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\{7C046CF8-759C-4301-A95C-2D5FD8AD23DE} = "C:\\ProgramData\\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\\33A2E4F0.exe"	09614e70ccc217403b852420ff7c9a94.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{7C046CF8-759C-4301-A95C-2D5FD8AD23DE} = "C:\\ProgramData\\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\\33A2E4F0.exe"	09614e70ccc217403b852420ff7c9a94.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2612	1788	09614e70ccc217403b852420ff7c9a94.exe	29
PID 1788 wrote to memory of 2612	1788	09614e70ccc217403b852420ff7c9a94.exe	29
PID 1788 wrote to memory of 2612	1788	09614e70ccc217403b852420ff7c9a94.exe	29
PID 1788 wrote to memory of 2612	1788	09614e70ccc217403b852420ff7c9a94.exe	29

C:\Users\Admin\AppData\Local\Temp\09614e70ccc217403b852420ff7c9a94.exe
"C:\Users\Admin\AppData\Local\Temp\09614e70ccc217403b852420ff7c9a94.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1788
- C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe
  "C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe"
  2⤵
  - Executes dropped EXE
  PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe

Filesize
281KB

MD5
fcb66e9debc048e6a16505d1599c553d

SHA1
04fa2fac2e3b4ee3bc5cd5eab5c25f0c203d1d9f

SHA256
1e8d0a2d65713ca9b667cbebeefdf517f1ea8b25185c647c2d879652ec489739

SHA512
18d040616b7810661cbce1b5d675764922f775b693e10df894e41bdeadddcee35cff341c092665925f27c727be5ff67e22013f620dcbe3f6c74eaac8e3753395

Download Submit
C:\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe

Filesize
273KB

MD5
854b5d027a671b429463d178d469b068

SHA1
90cc9c0221602a54c972130031101af33e8a93ab

SHA256
f2600361a683197e1dd0a616b4a0056eb6c2739ba08e382dd86b0b6336884f74

SHA512
7f2cb321966e2e2d17a069f8ef2a89315bc291087ecf0365ffbc7bb19848fe39da0bdd6199dcdeef66d5cd762f6b0d8cea2e923e202a04fbac6865f33c0a4b0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\A56FE8E8E07249AFA0AC27

Filesize
140B

MD5
7a6cbef7be65263118e3d87e1156df64

SHA1
43088af10901409b2d8f2235a1f3f0d900ac7046

SHA256
0f63a150adc323fa90ed1a312250edb34def2e9b29ba7103de7e77c54c12f683

SHA512
be22c7fd78c7dd4976cfac4515f127bf4eb8ff4e23a8fa8e3db89a76309646064578542d73a249420f1c11d69f394420525d1a0d4b209bf19cadb6283dd9d754

Download Submit
\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe

Filesize
402KB

MD5
09614e70ccc217403b852420ff7c9a94

SHA1
e8a5691810a49873d4bdccf6776510a2db6c17d4

SHA256
a8e2a996c913eb390bd0074d461a97156ad7395ae5ca856c2a6e6c14be534e2d

SHA512
d51c22dd923b2733c60d8e185f64e45a34158119852e721bfdae80e893e8c1d779063bc2a84c2cb593bd05dcc64f1bf47da32bdd903eb8b5976c058d1995afc7

Download Submit
\ProgramData\{1D7BD5EC-1EA9-44E8-9114-08DDFBD26AB9}\33A2E4F0.exe

Filesize
297KB

MD5
2fbb1b60b77af4dc29930e9afb89497d

SHA1
6c06eb01c1fb26a0c1abc3a50beec14b1ce6c7df

SHA256
1e3cdaa007e0c392f95e81506dbd7904d8d90538a1057824bb2c76e1fff763af

SHA512
cbbe5bc2d230437cb84d3f64d16e56f16ff6c76654903cc80e36ab02689cd95d733180f3b03a6d63390c79ba327ce9fd41b8324fb96ce303e0abfd3d74428bb9

Download Submit
memory/1788-1-0x00000000030E0000-0x00000000031E0000-memory.dmp

Filesize
1024KB

Download
memory/1788-3-0x0000000000400000-0x0000000002C9B000-memory.dmp

Filesize
40.6MB

Download
memory/1788-13-0x0000000000400000-0x0000000002C9B000-memory.dmp

Filesize
40.6MB

Download
memory/1788-2-0x0000000000220000-0x0000000000270000-memory.dmp

Filesize
320KB

Download
memory/2612-15-0x0000000002DD0000-0x0000000002ED0000-memory.dmp

Filesize
1024KB

Download
memory/2612-16-0x0000000000220000-0x0000000000270000-memory.dmp

Filesize
320KB

Download
memory/2612-17-0x0000000000400000-0x0000000002C9B000-memory.dmp

Filesize
40.6MB

Download
memory/2612-19-0x0000000000400000-0x0000000002C9B000-memory.dmp

Filesize
40.6MB

Download
memory/2612-21-0x0000000002DD0000-0x0000000002ED0000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads