d129b218c976efed61c74f3a971f114486129713cfbfed50fa6c24888b5db3d8

Analysis

max time kernel
152s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

198d7ef0ce493bb7291bcb66b47a898d.exe
Size

72KB
MD5

198d7ef0ce493bb7291bcb66b47a898d
SHA1

b9f415b7e25188f5cf73c890c8b76142103803b9
SHA256

d129b218c976efed61c74f3a971f114486129713cfbfed50fa6c24888b5db3d8
SHA512

3d413c6f024267c3031ef4c5a7a4f43a011a795b80fd79b407ccca95c5e495a7bd52bbd502f06ba44edf065ea863614ad9819dbeb61a2f50305ad499743e3c59
SSDEEP

1536:SbncStgEBA76pCnYabUcdYkJuLqohG0qKo3vGPscA:Sbn27A+dxYLqmGHKo3vGPi

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Project1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\198d7ef0ce493bb7291bcb66b47a898d.exe"	198d7ef0ce493bb7291bcb66b47a898d.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\79	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\81	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\82	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\check.dll	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\48	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\55	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\68	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\33	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\74	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\85	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\86	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\98	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\15	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\24	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\26	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\53	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\32	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\52	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\56	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\69	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\78	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\36	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\57	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\96	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\3	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\7	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\92	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\72	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\93	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\67	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\87	198d7ef0ce493bb7291bcb66b47a898d.exe
File opened for modification	C:\Windows\SysWOW64\check.dll	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\4	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\20	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\63	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\14	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\43	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\49	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\54	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\102	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\11	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\16	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\38	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\39	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\5	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\76	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\8	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\40	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\80	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\104	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\10	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\27	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\35	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\65	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\94	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\13	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\61	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\66	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\77	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\1	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\46	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\103	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\12	198d7ef0ce493bb7291bcb66b47a898d.exe
File created	C:\Windows\SysWOW64\84	198d7ef0ce493bb7291bcb66b47a898d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2188	198d7ef0ce493bb7291bcb66b47a898d.exe

C:\Users\Admin\AppData\Local\Temp\198d7ef0ce493bb7291bcb66b47a898d.exe
"C:\Users\Admin\AppData\Local\Temp\198d7ef0ce493bb7291bcb66b47a898d.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\5

Filesize
19KB

MD5
ca344c13d1ff2f87a18a02a70ebf6099

SHA1
f10e334553b36d563a70867723b0afae5eb40368

SHA256
c0abc75a08599f4e8dbd4a98040e2aefd84296b3b3fdaa50fad0da07a4abdd1f

SHA512
ca4e9025ce9ff35e6efb486f3e4fa731fef40b65122e62f4c6298740e1392b4b8088bd4a13c6db943e5da93b6520f86be415ae0baa86b8be65ffc2d6fab733b0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads