e0f1c31676c37afbb11f13852a3ae9b836b02c099949bf4e796a405eabd35850

General

Target

0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Size

2KB
MD5

0a384ec28f9cd13d4ff8e5b24f4a7f9e
SHA1

39eb18165d227f1f70a3320afda5dda712df6dbd
SHA256

e0f1c31676c37afbb11f13852a3ae9b836b02c099949bf4e796a405eabd35850
SHA512

f856b1b132865f7f0d40edfb437306e90999b3175aa96a011a61692ede804b9ad8e5473cbb43fcf5ea833650d493718c444dcb229c3d17e1c472be11b7f6b0d5

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}\WpadDecision = "0"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a2-51-39-89-49-06\WpadDecisionTime = 90de6f42273bda01	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a2-51-39-89-49-06\WpadDecision = "0"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f003c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}\a2-51-39-89-49-06	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a2-51-39-89-49-06\WpadDecisionReason = "1"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}\WpadDecisionReason = "1"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}\WpadDecisionTime = 90de6f42273bda01	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{9F887EAC-CE96-4D1F-A7C2-63BB934C1256}\WpadNetworkName = "Network 3"	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a2-51-39-89-49-06	0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

C:\Users\Admin\AppData\Local\Temp\0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
"C:\Users\Admin\AppData\Local\Temp\0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe"
1⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe
C:\Users\Admin\AppData\Local\Temp\0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe -A
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1180

Network

No results found

58.65.239.115:80

0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

152 B
3
58.65.239.115:80

0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

152 B
3
58.65.239.115:80

0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

152 B
3
58.65.239.115:80

0a384ec28f9cd13d4ff8e5b24f4a7f9e.exe

152 B
3

No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1180-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2392-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2392-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.