69c47a5b8bd2571c07b22984a1818f7d35a5d4a6799a55af9b9ff41919cfda0e

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 02:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a0919fe72427dd51c9a8129a29649fe.exe
Size

100KB
MD5

5a0919fe72427dd51c9a8129a29649fe
SHA1

d446005efa9484c95883248af9d9d7e249801190
SHA256

69c47a5b8bd2571c07b22984a1818f7d35a5d4a6799a55af9b9ff41919cfda0e
SHA512

3d9bb65af39aad6b4d9ebdce277fc347b913d66e998ea1961aa2e2d69954c8b2d9a176549ca11009f49637312def62516c6c13d94ae19ac97ec3283e66a66c49
SSDEEP

768:nCW+qdSJyQt3jtu/afKh0VmZuU7GZmDvH8KjKUIO:CBqYcQdjoafjUSGH8KjKUI

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\NOPNewHelp = "C:\\Users\\Admin\\AppData\\Local\\Temp\\5a0919fe72427dd51c9a8129a29649fe.exe"	5a0919fe72427dd51c9a8129a29649fe.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe
2124	5a0919fe72427dd51c9a8129a29649fe.exe

C:\Users\Admin\AppData\Local\Temp\5a0919fe72427dd51c9a8129a29649fe.exe
"C:\Users\Admin\AppData\Local\Temp\5a0919fe72427dd51c9a8129a29649fe.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:2124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2124-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2124-1-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download