e51fb04b4c8dab811628ae9b8a18fb1318a4f4c108d4ff350093455ad9f6e29c

Analysis

max time kernel
0s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 06:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

42f416549ebd0dc588baf24fa81218e6.exe
Size

127KB
MD5

42f416549ebd0dc588baf24fa81218e6
SHA1

cc3bbc05c73c6422e8a0c1167c76c00804e0fd77
SHA256

e51fb04b4c8dab811628ae9b8a18fb1318a4f4c108d4ff350093455ad9f6e29c
SHA512

ffd3b063307a1e8716e749beebf0e564f2261979e6954f570adfbcf312ec42bd594e9d1d7d8b895e23216d85050eeaa2593926d0fdf5b93125237ba884aca90e
SSDEEP

3072:sXqmPW+E0K7IbvJfGSl5Ygr35NjMS7RV/96lNd7eD4hTzT/+j:sXqmdEz7Ijo457klNdCKK

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\svchost.exe"	42f416549ebd0dc588baf24fa81218e6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\42f416549ebd0dc588baf24fa81218e6.exe
"C:\Users\Admin\AppData\Local\Temp\42f416549ebd0dc588baf24fa81218e6.exe"
1⤵
- Adds Run key to start application
PID:2216
- C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe"
  2⤵
  PID:4020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe

Filesize
46KB

MD5
475ac7a6722a6f4a5e42863d320497f9

SHA1
6c1fa25a2d26349ddbc65706b2497ba5f5076331

SHA256
4eeea2d210d4c25a0d15ff65af82215cc64e0c168fbab477faad6336501d54d1

SHA512
ca953c5f89fa52a4b8fa51c627303dff54f473e0c948aa924b8c7f92b7aff38ada43ee0f6caf4788b5bbf837da8876ad2afc7d76b2904e7440772902a45d3ceb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe

Filesize
57KB

MD5
9d57fe2ffeb1159f3f1b25834853daca

SHA1
3781f6f7812acdc356581c38dd514eee8267a40d

SHA256
4ea37151795a0a3b8ce0f10213c46a61352dfb3cd98e7375a3107df9d820c5b0

SHA512
5345e74f1259f1e56c4d92608209d0458ecbb1eb5bf4277f8de7473b3c036d93a19236fb6d45771a7504837df8f1118e051f32df4282aaf95aecf597c64a91cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\svchost.exe

Filesize
11KB

MD5
477dc0c8d4a3eb266a6938bf25879fa3

SHA1
f9f566f99d4e6a801abe59e18fe62fa4e3f4c834

SHA256
4580fad365d51fb2e78be0b5dbd952cdbac45fdeec1e269e06377b8e3d40a850

SHA512
d3033de2f94b7df33ab54a2be8b145fff05886426a50ea4e1f1e830ddc21514ef5912107b0bbd4dede85889b9dffa82934be0acc1fa337650279728672eb8a66

Download Submit
memory/2216-33-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4020-34-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/4020-35-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads