a7ad2937f9fe9e22b397c552a1a3bd6c5ec28e394993cbf1143cc850f33a94a7

General

Target

6944814fdcdc6b051bef078ee0371f9c.exe
Size

268KB
MD5

6944814fdcdc6b051bef078ee0371f9c
SHA1

fbe3489af259a7ef322ab8675ae7081a45ee6ab3
SHA256

a7ad2937f9fe9e22b397c552a1a3bd6c5ec28e394993cbf1143cc850f33a94a7
SHA512

b34e128be2eb7232def3028825b53761b9972b007e061c590f0a2948505b179706442f9e7060fdfa7040420a08ba8c76b736a73befc65f24b22bcf0fd79d3b2a
SSDEEP

6144:Pu8+K+v/XZRCWKWrJTKc9VBHCRtkzFtUmq:Pu8+hXZs9WocpiDws

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

6944814fdcdc6b051bef078ee0371f9c.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\Run\KeApplet = "C:\\Users\\Admin\\AppData\\Roaming\\Media Player Classic\\{E31677AB-6367-4CCB-8033-32822C2DED59}\\UpgradeChecker.exe"	6944814fdcdc6b051bef078ee0371f9c.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\KeApplet = "C:\\Users\\Admin\\AppData\\Roaming\\Media Player Classic\\{E31677AB-6367-4CCB-8033-32822C2DED59}\\UpgradeChecker.exe"	6944814fdcdc6b051bef078ee0371f9c.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

6944814fdcdc6b051bef078ee0371f9c.exe

pid	process
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe
2236	6944814fdcdc6b051bef078ee0371f9c.exe

C:\Users\Admin\AppData\Local\Temp\6944814fdcdc6b051bef078ee0371f9c.exe
"C:\Users\Admin\AppData\Local\Temp\6944814fdcdc6b051bef078ee0371f9c.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:2236

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~cl6539.tmp
Filesize
1KB

MD5
43351029629cdf4291e44e7bf2fd11df

SHA1
1308bd69f13763aa4fc31042043b8630947b8579

SHA256
1df6636812a0ef88e32465d7ce335e884868db9b56a22a52b964b6495f540808

SHA512
f095d302e24752b297c8e431ed32729becf976b3fbe8c65e0edf46e0d733ca3247b203908c4392a0f1cdadb80776a584dcf846d44575b5245885f8514e1e314b

Download Submit
memory/2236-0-0x0000000000980000-0x00000000009F0000-memory.dmp

Filesize
448KB

Download
memory/2236-1-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/2236-16-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download
memory/2236-26-0x0000000000200000-0x000000000020D000-memory.dmp

Filesize
52KB

Download
memory/2236-35-0x0000000000200000-0x000000000020D000-memory.dmp

Filesize
52KB

Download
memory/2236-39-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads