6245c830089e4c501cfaa7b1b0f6df2b9f1d48c31495ac7cf6a72b708936ddcf

Analysis

max time kernel
159s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 16:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e75ec72404521a7519c36c84f92af7a.exe
Size

51KB
MD5

3e75ec72404521a7519c36c84f92af7a
SHA1

45631152a9e552c8f096cbb33c285fd14e074c17
SHA256

6245c830089e4c501cfaa7b1b0f6df2b9f1d48c31495ac7cf6a72b708936ddcf
SHA512

e31957b1ad5a90441c6bf1449678eca2f0cdde562d1f9ed7ea7d4d3955aa1e7d9d2ea346498a3b0110d2012312eaf2c3cba7b7116b50b1cced688af8597148c3
SSDEEP

768:PrIVJ12Aw8EWmvhPHOM21HGtk3tcrErDr8vLAXCa943e5sclrRirQM+c5T:Wq85mv8Hb3tcr+r8v0XB9TOcl1Lc5

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
1176	3e75ec72404521a7519c36c84f92af7a.exe
432	svchost.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\taskmgr.dll	3e75ec72404521a7519c36c84f92af7a.exe

C:\Users\Admin\AppData\Local\Temp\3e75ec72404521a7519c36c84f92af7a.exe
"C:\Users\Admin\AppData\Local\Temp\3e75ec72404521a7519c36c84f92af7a.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:1176

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k taskmgr
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
PID:432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\taskmgr.dll

Filesize
76KB

MD5
a5cd5ab2ee30a91a33562fe7e7c0106b

SHA1
10d57405e6e52f1854322207369d9cbefa2104c3

SHA256
66d542de19c951d9c40ebe7bda318d29e028f07367f401d6bed31d2d30220890

SHA512
96ea8520f28f4fb14a1b3263295568cadea0ea5e36f2109f559baa79f750673f3030091da1c53a8a5635af3d00289f7529829ccd0275bd1c88ec761603247cf8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads