c9f13ea0eb0a443ead388fec72aa1f2cec256446b7a6879343e3a3ac7cf38dbb

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 06:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5a92557b57ea37d373b9897c6207c781.exe
Size

395KB
MD5

5a92557b57ea37d373b9897c6207c781
SHA1

255329b1116889007e34adc1c1f43d34b5ec5e8a
SHA256

c9f13ea0eb0a443ead388fec72aa1f2cec256446b7a6879343e3a3ac7cf38dbb
SHA512

9f1625f5779aefca2d026388b9487549af989ef13eeab6771eaffc8cdd35c951d87c6a2389d8536586efe0d46c178e160c51936a813f6bea29781273e97f7f11
SSDEEP

6144:uBljICoZwfl6fAC4yFAwnmLxbzleeee55XU+e33EdP9Wt4D2PkNUDc2lpZzZ7Rop:uECEiC40rUfv5XUF3498S8kqD5r3ng3

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\bodm = "\"c:\\users\\admin\\appdata\\local\\temp\\5a92557b57ea37d373b9897c6207c781.exe\""	5a92557b57ea37d373b9897c6207c781.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1448	5a92557b57ea37d373b9897c6207c781.exe
1448	5a92557b57ea37d373b9897c6207c781.exe

C:\Users\Admin\AppData\Local\Temp\5a92557b57ea37d373b9897c6207c781.exe
"C:\Users\Admin\AppData\Local\Temp\5a92557b57ea37d373b9897c6207c781.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1448-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1448-1-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1448-5-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/1448-6-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads