c061b6b59077b350eaed0ec3a997a9f8e3476c9d361adc15a3831997ab4f7254

General

Target

489a5bb292230a065327e58a4f407168.exe
Size

2KB
MD5

489a5bb292230a065327e58a4f407168
SHA1

9957a95ecfbd4fb8ebae07f58fe3b81cb21c806d
SHA256

c061b6b59077b350eaed0ec3a997a9f8e3476c9d361adc15a3831997ab4f7254
SHA512

aec4060faf3df9b8c21677897a0b9594690eacd325d4d5551bba42e0b762f9059a6b08922caa089f64148863e6d2290b73239a0f1e24b8a9a6ac16b953e4ac58

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	489a5bb292230a065327e58a4f407168.exe

Modifies data under HKEY_USERS 24 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	489a5bb292230a065327e58a4f407168.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	489a5bb292230a065327e58a4f407168.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}\WpadNetworkName = "Network 3"	489a5bb292230a065327e58a4f407168.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-b2-24-4e-49-f9\WpadDecisionTime = 20b758304b41da01	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}\WpadDecisionReason = "1"	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-b2-24-4e-49-f9\WpadDecision = "0"	489a5bb292230a065327e58a4f407168.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0052000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	489a5bb292230a065327e58a4f407168.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	489a5bb292230a065327e58a4f407168.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	489a5bb292230a065327e58a4f407168.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}\WpadDecision = "0"	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-b2-24-4e-49-f9	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}\d6-b2-24-4e-49-f9	489a5bb292230a065327e58a4f407168.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\d6-b2-24-4e-49-f9\WpadDecisionReason = "1"	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	489a5bb292230a065327e58a4f407168.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{021C210E-93E2-41A1-9C44-2B5D7B5A9A01}\WpadDecisionTime = 20b758304b41da01	489a5bb292230a065327e58a4f407168.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	489a5bb292230a065327e58a4f407168.exe

C:\Users\Admin\AppData\Local\Temp\489a5bb292230a065327e58a4f407168.exe
"C:\Users\Admin\AppData\Local\Temp\489a5bb292230a065327e58a4f407168.exe"
1⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\489a5bb292230a065327e58a4f407168.exe
C:\Users\Admin\AppData\Local\Temp\489a5bb292230a065327e58a4f407168.exe -A
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2076-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2076-8-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2212-1-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads