d48159513768ba9443007c60568644a8235ae826eff6a34befcaee418e221c79

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 08:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cabfcf93c778f7dd364572e87dc57e7.exe
Size

20KB
MD5

7cabfcf93c778f7dd364572e87dc57e7
SHA1

a59ee8bc54100bb8fe0f6827c58c2289cf8db5de
SHA256

d48159513768ba9443007c60568644a8235ae826eff6a34befcaee418e221c79
SHA512

b40472072625233d5710c06fea95db9ae3783dcb3f739873419627d92c928e13ad82eba15fdcabc453a845d09936f7a64067549dd7ae68d005910464328eaa15
SSDEEP

384:lqQoJbMAlG11KO/TxYUd2JOeKFysYu/NSqWhWC4laIVzStIPdOAH:W1MAlGrFYUoKFyxu/Nsh0lJ5StW5

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsUpdater = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WinUpdter.exe"	regedit.exe

Runs .reg file with regedit 1 IoCs

pid	Process
2360	regedit.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3040	7cabfcf93c778f7dd364572e87dc57e7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2360	3040	7cabfcf93c778f7dd364572e87dc57e7.exe	27
PID 3040 wrote to memory of 2360	3040	7cabfcf93c778f7dd364572e87dc57e7.exe	27
PID 3040 wrote to memory of 2360	3040	7cabfcf93c778f7dd364572e87dc57e7.exe	27
PID 3040 wrote to memory of 2360	3040	7cabfcf93c778f7dd364572e87dc57e7.exe	27

C:\Users\Admin\AppData\Local\Temp\7cabfcf93c778f7dd364572e87dc57e7.exe
"C:\Users\Admin\AppData\Local\Temp\7cabfcf93c778f7dd364572e87dc57e7.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\regedit.exe
  regedit.exe /s C:\Users\Admin\AppData\Local\Temp\~dfds3.reg
  2⤵
  - Adds Run key to start application
  - Runs .reg file with regedit
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~dfds3.reg

Filesize
181B

MD5
204fbc749941e5e8a89cf92eb343567f

SHA1
9dc5142e1493c31b90fd60185a3682e29e573cb5

SHA256
7fa6b6939cd29e5dd3c127f76db53e47e176cd7610b732f96950984802bb6145

SHA512
aa28ced0174f014072c3ccb072786ef5761d171db325700029b0f7f98e9a4f644d5590c33f0b9bfd8a6f0b8974bccb7a4d7723826525b1f01a84477d2a6bf437

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads