95d9011962b850f0a9065394b462220efbbad4d7140e1c81378203e3a11a5cbb

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a04fd8a9c3cbede2ec1d10264c22f49.exe
Size

96KB
MD5

7a04fd8a9c3cbede2ec1d10264c22f49
SHA1

d770f52384600c03cc8f511e8803e60fd030e3b0
SHA256

95d9011962b850f0a9065394b462220efbbad4d7140e1c81378203e3a11a5cbb
SHA512

e3389f8cb2368649c3eb30fe107b054ac3d173076fd173c0156422d03e21e7c49382461a346241df9663c114f7ef3745b2fc7a9b9320ddf2a14f7645e38e0c7b
SSDEEP

768:zZbiNRR35nkjDrSdz7t+bJaHfZexo3ozGWy6bwzyDod8SdPy87NuJcoN2:yRwjUzMeoNz7pU2EWSFy6uJcoN2

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\webscriptutil = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7a04fd8a9c3cbede2ec1d10264c22f49.exe"	7a04fd8a9c3cbede2ec1d10264c22f49.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe
1692	7a04fd8a9c3cbede2ec1d10264c22f49.exe

C:\Users\Admin\AppData\Local\Temp\7a04fd8a9c3cbede2ec1d10264c22f49.exe
"C:\Users\Admin\AppData\Local\Temp\7a04fd8a9c3cbede2ec1d10264c22f49.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads