e24726d1f74d830411ae090d0501c5443d0ce9c0db162a58c164b3487d8054d2

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67cd7ecbc387f6fba0683cd4b0034e7f.exe
Size

260KB
MD5

67cd7ecbc387f6fba0683cd4b0034e7f
SHA1

cb53a8bfaaa9b6325ec47846b7faffba7428fd05
SHA256

e24726d1f74d830411ae090d0501c5443d0ce9c0db162a58c164b3487d8054d2
SHA512

f57a1806dce2700e8a9b87e88102c613d1559f1e296dd65ab452e0679cc6193b3c9c440c7598c0b0f27c11c859414a7355fcd5a91b3e8d9f2bed45c5c02bcc28
SSDEEP

3072:jy7cIe5hcPZFMafJifsi2R4nuJr/ImfEGcpGJsXS9+:kcIe5CcJmyGJ99

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	ceiuyo.exe

Executes dropped EXE 1 IoCs

pid	Process
3060	ceiuyo.exe

Loads dropped DLL 2 IoCs

pid	Process
1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe
1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe

Adds Run key to start application 2 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /T"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /f"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /D"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /o"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /l"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /F"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /g"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /A"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /C"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /h"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /u"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /Z"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /p"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /k"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /q"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /M"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /s"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /v"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /y"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /V"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /e"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /n"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /W"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /N"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /B"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /z"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /R"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /i"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /G"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /U"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /Q"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /x"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /t"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /r"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /L"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /E"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /I"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /b"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /P"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /w"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /m"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /S"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /J"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /a"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /Y"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /O"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /j"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /X"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /c"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /H"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /d"	ceiuyo.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Windows\CurrentVersion\Run\ceiuyo = "C:\\Users\\Admin\\ceiuyo.exe /K"	ceiuyo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe
3060	ceiuyo.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe
3060	ceiuyo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 3060	1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe	28
PID 1756 wrote to memory of 3060	1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe	28
PID 1756 wrote to memory of 3060	1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe	28
PID 1756 wrote to memory of 3060	1756	67cd7ecbc387f6fba0683cd4b0034e7f.exe	28
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21
PID 3060 wrote to memory of 1756	3060	ceiuyo.exe	21

C:\Users\Admin\AppData\Local\Temp\67cd7ecbc387f6fba0683cd4b0034e7f.exe
"C:\Users\Admin\AppData\Local\Temp\67cd7ecbc387f6fba0683cd4b0034e7f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\ceiuyo.exe
  "C:\Users\Admin\ceiuyo.exe"
  2⤵
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\ceiuyo.exe

Filesize
260KB

MD5
4d4dbf380b2de8920889f99f58c40bda

SHA1
7df59c98a4de597fa65ab6c81edd84bc3dcefd48

SHA256
8ee0af5bdd61d3b727c24bd9237eb6f985bc5db89e50e29e32a521bfb5ce7639

SHA512
15944a74d49af395d033787928955e4dc72fcd5407fcc6084a5639eb0b570a2ff64f1b3f0cee898dce063a615d63a8dd9cf23ba7f723f14ef7cbf8c504c64549

Download Submit