e29ac1449ea346c1bdb1c807bb1a34e52cf69ff0379b8600bd5b1cb19a7797dd

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

375441c85112473c7aa31dbbc39044e8.exe
Size

244KB
MD5

375441c85112473c7aa31dbbc39044e8
SHA1

bdae658b298f53a231f6b6a4e496004d2c4a5682
SHA256

e29ac1449ea346c1bdb1c807bb1a34e52cf69ff0379b8600bd5b1cb19a7797dd
SHA512

340fdfee7d78fe8f6994c61a414372467492262cbab2f1356497bbec11e86a45cdec4f63b10fd9ce999dd9fb30445bbfb1786c7c65cb93994ca183edcb2b5ecc
SSDEEP

3072:INuf1Tbl8WEkbRSaWXzxlTywFgXeletIhiLVIa8fHN2i15kv/UtwMq:INKbl8Z6R3WXzfTyiletIEIaSr5klMq

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ejhmQg7P3PCeD3JyO = "C:\\Users\\Admin\\AppData\\Local\\Temp\\375441c85112473c7aa31dbbc39044e8.exe"	375441c85112473c7aa31dbbc39044e8.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1492	375441c85112473c7aa31dbbc39044e8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 2588	1492	375441c85112473c7aa31dbbc39044e8.exe	110
PID 1492 wrote to memory of 2588	1492	375441c85112473c7aa31dbbc39044e8.exe	110
PID 1492 wrote to memory of 2588	1492	375441c85112473c7aa31dbbc39044e8.exe	110

C:\Users\Admin\AppData\Local\Temp\375441c85112473c7aa31dbbc39044e8.exe
"C:\Users\Admin\AppData\Local\Temp\375441c85112473c7aa31dbbc39044e8.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\gpdelrec.bat
  2⤵
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gpdelrec.bat

Filesize
250B

MD5
d2b97412d2862ba5edd5db6e637ba36e

SHA1
7f4e77f56aa05390aa98f75ad566c82a0f4ff76b

SHA256
a6d768914aaf3d508c89eeb627eb4fc15c8edfc5867af3afbd8d1e63feae9bd6

SHA512
7009470345a21764cb1febede3c3d548c2673d213af38d71a89ae98bfa5a05c831ccecec052f6c6d6e49db04ac91c6805c7b0416d58f05d85e88417ee502e617

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads