5e2967c8d5af4b9ad3dda4cc27e23386052a3b2d17aa12c68452e895720115c4

General

Target

751d0c6c4f18cc8d4bfa7b4f47466647.exe
Size

170KB
MD5

751d0c6c4f18cc8d4bfa7b4f47466647
SHA1

83d644468616940eab1aeb3cce0f2726aa91b16d
SHA256

5e2967c8d5af4b9ad3dda4cc27e23386052a3b2d17aa12c68452e895720115c4
SHA512

0e0ebd5cd9e1a549f023afdfcc44a917d86edde0f3310a775104ee70a15e840b335e128ab58a2492403f8051fe39b9abd2da06a29d448918b9843f2b509b4ef0
SSDEEP

1536:Yr6R9ieUOc+/RAhDcaPLXbbsEyQIrZBQlgSJ0TWS3:G6R8Y6hDaEyQIrZBbSJK3

Score

10^/10

evasion

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

751d0c6c4f18cc8d4bfa7b4f47466647.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	751d0c6c4f18cc8d4bfa7b4f47466647.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

751d0c6c4f18cc8d4bfa7b4f47466647.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	751d0c6c4f18cc8d4bfa7b4f47466647.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 27 IoCs

Processes:

751d0c6c4f18cc8d4bfa7b4f47466647.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 4c003100000000000000000010004c6f63616c00380008000400efbe00000000000000002a000000000000000000000000000000000000000000000000004c006f00630061006c00000014000000	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 7e0074001c0043465346160031000000000000000000100041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f3c0008000400efbe00000000000000002a000000000000000000000000000000000000000000000000004100700070004400610074006100000042000000	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "1"	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_Classes\Local Settings	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4a0031000000000000000000100054656d700000360008000400efbe00000000000000002a00000000000000000000000000000000000000000000000000540065006d007000000014000000	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 9e00310000000000000000001700373531643063366334663138636338643462666137623466343734363636343700006e0008000400efbe00000000000000002a0000000000000000000000000000000000000000000000000037003500310064003000630036006300340066003100380063006300380064003400620066006100370062003400660034003700340036003600360034003700000030000000	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	751d0c6c4f18cc8d4bfa7b4f47466647.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	751d0c6c4f18cc8d4bfa7b4f47466647.exe

C:\Users\Admin\AppData\Local\Temp\751d0c6c4f18cc8d4bfa7b4f47466647.exe
"C:\Users\Admin\AppData\Local\Temp\751d0c6c4f18cc8d4bfa7b4f47466647.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Modifies visiblity of hidden/system files in Explorer
- Modifies registry class
PID:2360