e0cca16ca4c74e5a5bea2e01ef1220a1edc52e963b86eedac82bb8cfa617d17f

Analysis

max time kernel
148s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

806313d44c551a9c787afda0e7b65127.exe
Size

40KB
MD5

806313d44c551a9c787afda0e7b65127
SHA1

6b0873c888893ff225534de774281c9a16ca7b3f
SHA256

e0cca16ca4c74e5a5bea2e01ef1220a1edc52e963b86eedac82bb8cfa617d17f
SHA512

db8904e2be9598d39e094d6c45f2cc62c2b6f37043e638bd1ff69b042433a59adba392e693a8a3f6ca311bc22892e1ff7c3c1094f7a9107236117237742e0f50
SSDEEP

768:aq9m/ZsybSg2ts4L3RLc/qjhsKmHbk1+qJ0UtH3OR:aqk/Zdic/qjh8w19JDHE

Score

7^/10

persistence upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1988	services.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000122f9-7.dat	upx
behavioral1/memory/1988-11-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/3000-4-0x0000000000220000-0x0000000000228000-memory.dmp	upx
behavioral1/memory/1988-17-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-21-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-25-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-26-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-30-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-50-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-51-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-55-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-59-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-60-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-64-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-443-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-1193-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral1/memory/1988-1990-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\JavaVM = "C:\\Windows\\java.exe"	806313d44c551a9c787afda0e7b65127.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Services = "C:\\Windows\\services.exe"	services.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\services.exe	806313d44c551a9c787afda0e7b65127.exe
File opened for modification	C:\Windows\java.exe	806313d44c551a9c787afda0e7b65127.exe
File created	C:\Windows\java.exe	806313d44c551a9c787afda0e7b65127.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc35300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a82000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	806313d44c551a9c787afda0e7b65127.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	806313d44c551a9c787afda0e7b65127.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	806313d44c551a9c787afda0e7b65127.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	806313d44c551a9c787afda0e7b65127.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703085300000001000000230000003021301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc252000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	806313d44c551a9c787afda0e7b65127.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 1988	3000	806313d44c551a9c787afda0e7b65127.exe	28
PID 3000 wrote to memory of 1988	3000	806313d44c551a9c787afda0e7b65127.exe	28
PID 3000 wrote to memory of 1988	3000	806313d44c551a9c787afda0e7b65127.exe	28
PID 3000 wrote to memory of 1988	3000	806313d44c551a9c787afda0e7b65127.exe	28

C:\Users\Admin\AppData\Local\Temp\806313d44c551a9c787afda0e7b65127.exe
"C:\Users\Admin\AppData\Local\Temp\806313d44c551a9c787afda0e7b65127.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Windows\services.exe
  "C:\Windows\services.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3549ff631b292f71e088958f7d3ca223

SHA1
ff4f1fffc33639d444fa0ba0fed73a291dca868d

SHA256
cc4e6e1a969300e329d4c3df355acce3c4d3aa429b66805e7d8b7649b327245b

SHA512
b1f703e7f7f926d8d35f728abb1df3502ac77b2db03ad358afb96c0b1c35f08fb0781f49987d22f79b68cd49a1b0bb0cb99b8f37392dae259e8369d0fb620eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
04dbf1a304b8ba9ffbcb9fd897f50ee6

SHA1
6bb3c6e97e90bec750b317f688c99626baebc0a4

SHA256
fb45ad657e87a058b8402b4364d2baec77f29c6b60c1df2799bc3c2041a29aac

SHA512
763a96e7558c363da1b8d6aa6f512f32b98cf6b8bc09e63109854d08adbb6475234e8a5907597bdb9beb8864d7fb7fae81338560b860db98c814ecf507717660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e99cb1efbf5ef68da4fa5920eebc5647

SHA1
26fcd118f74be3f857060f0f072ca23bb04640d5

SHA256
1ba1eb3c863230b1d7e1c98c797ecd9cfff245eb5e581d94c2505bf08d03a990

SHA512
2b7560e82dcd6ac41043a2e2cf900091a12407968f6cd2b0fad6590023eb595ee4b39be3164f2cca8b0af838fa7ba893785ffe38a11780dc79f8dcba442ae4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0867fba95e79ebe330dbd4fdf6ffa14c

SHA1
aca57625eb31ecadb8289663c32d7906dd9c6954

SHA256
925398b4bf44434afbaa5c8b9377baf2df7b7c06bff183f799b4080b9e9939c2

SHA512
35265ee99b04af0ddf03179033e64a3667d755bc901cd598680fbf9579493d9adb64407f9b84a8702bc428a5d46b8400042e2af7e9579fc5045d7977388c1494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5809b1c05828d92c5122f3d5ab3e3ae7

SHA1
91af6fddc3c674b8103328f8c537cd8064eafdb5

SHA256
b5f221897cf861608be4a8126eaa1e6567c5bdf5b5a4eb195ae675a30ca99584

SHA512
ce30a84fa23a141eb352522c653f24d524253309aaa67a5c21f8bced9b23c55e04a2b8efe8747162e792013d6d9f13e3657923c7003197cf6459c36a153ecdee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a173206fb2632196ff5fd1f96ecb743b

SHA1
6fa70a54a4f02e871992351292e17a9d9cde0b3f

SHA256
d6f3cd4f3439967b8abeec06e77cb8fac1f15a85a642978284bb48572161cc61

SHA512
c6adf4570e8c43bc93386b7b8f0131c1e5bfc8dc2f2cd7874f781b635478d780978e83efe06f87a83015b861018060a9877d0e29a511faf94f2dd291fc4b06dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b8135e107910e6e105e36a145e2cf37

SHA1
3fff3956265fdb261679180fa8a947526867cd68

SHA256
41b62ffb6e7042db0878b0c40bdd2cfc06e9aa03cc09499f6ab4e7136c52df15

SHA512
47aa50165f98aee21d319b46b783619594356e7dccdbe418ea6c6f09beb88add14b4eac6970c6bb14e6255f719c1aeffaa6d0cd88d37d3413c253dad91143aaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3d6c769c07429fcc4d3b9036d50f4a6d

SHA1
c0ef263443a5ed05c217f918615dbafd4a498778

SHA256
5ab115ab48586d0200ab7af18c71f3992a560fe46ec4f3670bacad906f559282

SHA512
3218f762571e3f11e890c6dde4dec5de7f8ddc6981bfd8b66fa5394f4eca1f89273120fd69e6a3b7d3ed73ddcf2119079a5bea1bc42befcf8324cee9df83bf06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63e3cb29f9f3814bef86a8c84517f1b2

SHA1
09d54182f889275625c90f3a55d69264c9294e96

SHA256
721e1e48673a439bf456cb8f8fcd2ee813940413e59ef67e01c08878114f4d5f

SHA512
f8f58b77d1bd497a8ad7931ed156ae6e6c5293c28cf9ec547d49721a4bce0d772d02823d31e8dd8036a18934644d268b6d4917587c0fe6db6b07a521cd140cf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09280d61772bc6fee19639f1de776a62

SHA1
987a26752f831a4c2e90ed437ecac7f545b980cd

SHA256
268738838f9914ebf0c24e29487bdb06707983a1b459945793214b378ac23317

SHA512
56ac8d4080a3e1997cc9614a1ce271f41121747499ee5bd18df43ec9971c473e6a21acbe8edd1c58d8f5a2248450f696f82207fc9b29879d45f9a8e07530312f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
457987d679d8854fd544e547f6e0e88d

SHA1
348d14f5aa1b4bdd8511840f1ef2fd21bf5ca467

SHA256
c5d662dfb64f3f6770f0f3faef086770062d8ef1cd73e340fcc6494728c657c7

SHA512
55a7d4271ed223e27f365a5b6d2d89b5b44fbbc4e47aa3757c1b4f262e370fed9770eaebd3d4ddee77e3d6dc9a95fd51d9c5ebebcc9a24c3536da161103cf174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83c4df9f655893aefc620b661e379a1d

SHA1
fc6bc7193333b363d5763237757017946ff31128

SHA256
6bead71963de361bf694577de2bbd47030eaea9216a716b03fce17d228608be4

SHA512
a78e6e1c12d531ed993acd5c759288c387a06707ea47767f33e349c2410c4fa72c9fe8665dec56fc378babf29c93723b926de48ab073ef1ade1b017788298da9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a39ecb779761977120f3e68fe967d325

SHA1
19d1e42629c2dcd9b365aa23461f26ec5ed71d53

SHA256
61293325954c6cfb9dddc957bcdfbe49d1c0c77fcf885186c9b1049a4f60e2c0

SHA512
98514c7a3d887652cf5ac15504a6f45cec1e0c4a7933aaefa37e5a4809273687206c443e9f21b139e3c58c02483f365b844d8a6ae540449d6f833c31bb6e0e46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d24acc5c79fe8fa0105a922e8f7cc3a7

SHA1
ad1df28c2281b14817709a28b0d35b3646de8480

SHA256
12c708f45d8f10664084ebfdc0da36e05af8d019da6999a9e2ff80ea37688782

SHA512
157d8b31ba9ad625fe3d52b34888ca900e87869200f11a0d3850864718e3bde662dfbffcdcd1f30d14109bc68e6bb2ba894af25fbdf26c73682d8716209b5fa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d6d4f8b55c57a77dba1b299519cb977

SHA1
799571962e6d2c733744c64456fde12b83b49799

SHA256
e192f5ab96ea6c4232846b249b8aaf7c69bd4b91a409b10555f540092608d2f9

SHA512
f871fbfb5ea3ac5b5653263419b16bfe0a508b9ff72b322bc3674fa387ff7648202335ecc207212805fba9beebcf3df82b7cc95beff22875ae4c37acf44efa6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3193c6df58015821754a6171493fdc6c

SHA1
f2dcd06bd7cb1d780791a06c1c9456c74d17eaf7

SHA256
1c07fefdb656a11c06f8b6358a208462d30c26aec36e5194958f6e1dab6c304d

SHA512
987317709cbcfacc144ca7b30fdd2d08b6031669600c192785df9e9aa9eca9a345f3f69eda4dbbea13d848654283bad568261e6c869ebe6a48fc9ca99588b77b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b73c9189c99844b4936427a35fbee375

SHA1
2be63c9de71ac60762fb198cdb2527be01cbe9b0

SHA256
2b09bbea7cde9867d325f081d16fd8dd42f55ca4027e131ffa58bb1c6141846b

SHA512
b3b319f184ce25bf5d64f065d9012daaf56f2048ff32f80d7c2ac83207dfe00f9f357dfdd79bd44b9493cdfc202e285af51345e850ab2304c44db69cc7e3dca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bc0bb640a7e440a046d5bece0e880cb5

SHA1
b338978ab72bc24906179d777e3c77f059ebcfbd

SHA256
180c1c59abfd243d546f7df95a8fecd0db33dc1ffbcbc6acc9273b5cf84e8510

SHA512
f616beaadd9bf82f5d808f53c88c1af120a5e9e0edaee3df36e3edfc5dc8580eb60d259d7820d2e4c4fa071c11dba90e76ccc82c8bfde34ee10338bceaadad28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89520da541fd8539edbdf3ffb8f503da

SHA1
eaaec24ed12e24ed57e41fecf1876a325fd0cc43

SHA256
06d57f0be9fd293236dad481f3827d76c0ed8f44b5eac3a4dc35f4d6b6e36882

SHA512
e379f8150ed6545e63a8996ec7890234af16102fc7d4127b98d92e4d46a9c84bcd7feb1e0f276759af3168be072c06efe2445acb8730eb673f822e8f69fbf35b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4447f45ad3b12f6ab46cf13de88bf1ff

SHA1
2f33a1d28ed1be874cab9c9e149d9f2ea19308e8

SHA256
dbe58c66731b1fee9b48a9d92b15fc8ca91ea2b022b10bcc4ff52f9751f07162

SHA512
87512ea8d5319aefbeb2020f76680a38bf92e929fdc6f7116ec0d19b1e0cc7dfc71325aeef543bd9ec90f1cf2691f24cc1293e0dca5f12bea7d1d9233be96860

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
669d60559366528cffe8366158dd2b1c

SHA1
d9c330537d1921939b895b098ea12b8c1032c837

SHA256
1c42919ff8fd06abfaa42a9fa765244b96f54142e8b1cbd82c63df3d122e966a

SHA512
d89c406017ad2c0e1dee7e111d367eef2018c17fa2a6de0ff818cb116fc30f49a627db3b441188f13ffb6fb19981d8721c956dc7e399d9d1f3914861b999c958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
586abe2ca747257f15a68e45a0923e40

SHA1
a5bbc52e82443d3e98380e1fff99abc7696b03e8

SHA256
9020e632cf8cdc7c9a45903485c2e1a7ff856acd2191f76a142676816a65f9fb

SHA512
8faef74f846678ab6f83e8c099cc1eeef460e191309ca0d70b540951ef4e7a6c268aba96a064f04a0d72dd84b2af3d3afd9de206c2a3313253add66434d1602e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15e1e92f0581a689edcf37a491bf28fa

SHA1
51b0ab3a56c51daa87aea9dfddfea4ec146adde9

SHA256
4a10a5e24c0010c52124da2b704300771d05fa2ec4ce7a17356fc1e094c9e4a5

SHA512
44e24e9de9b9ed42c28a0a956f622d8f7061ba8380bbfaa0702fc917fca18962fdfef22b59fd485fb31ceecd1e034d402850a1be92f712a395eaae8110ced4d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fe7ecaf145306213afb2bed75638cbe

SHA1
1cd7a7b982ae23f29e287e3d0387ddac1af4f3aa

SHA256
76d11b9fbadd2daa62a57dcbecc6df8e5d62bb84ebb44935b74de1c4f50d30e9

SHA512
8622c7820a60f6826e4687e17b8a5ec6012fa623b450f2a1ec122d31f588b450769581b7f29220dc24dc6b74fda9a7607656bab62dfe4be815e437c9427ed51d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
075db3f0e87da58460e1c8c590825cf9

SHA1
32944e9e310f410c4e6b025921f5c913163372bb

SHA256
eacfb5f5b356e4dc9263283f4971d1d7f399f70d0b62b70b1e641db42019085a

SHA512
a9b09deef967087867ca39f4e0dde87a3bf4ecaeb6ceab7586ce50adf3a5b243f2efce98b59dfe42fb79dba9548989a32eb49cc67e4d12734631cc1554ce5403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
11c861eaf444837fbd9b6e037ccd48de

SHA1
074a8d75f25df45ea45f7d3ec2808aa490d0f398

SHA256
c7025a2daa17dfe3b0f194c756132b4c73be42cef8537ab8ab17a576dfb46e7c

SHA512
08e4ddff3a59cbe030920f405a20fea0ef26c14f62d7035586074fa46c356922f2be328eab2fb38bcef568cc0baffe55490eeb9cc0539d1cb1ebbd17de20431d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d99b9c1de23dbcb6051ca0ffbda67cf

SHA1
f33e86ceaf5a4849a75f02027ced1b3d03a8e1ef

SHA256
f581dd683f74261b5b412987f51bf8719d1896017c98ce5b38e4bfc0d9400a6a

SHA512
7a8f8a5c1f98fc6a2dd09a50e391ccaeff37fa6601b2ac5deb4c4d0644905fb08df9cdd7460a842d50e826eb9dc3dd3f4687818ae000cab62b52ea783d45a973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
24a42df67cef91099195f526b3256243

SHA1
28d3074e2356df1118584a276a84a4501e0669ed

SHA256
5019c6603ab92296101a9c3b5b84a842fb159c265f443119a8f474283ae41007

SHA512
25af59fcc22d88ffb991be281697a3c5d5699e0409832a0745660443231e1fb550f161bab405007fb3cb14d2155982f35f25d67f155d34100a22cb114d85e851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
31bebc9590ce7f68fb8c72f410a946f4

SHA1
52db41ad3db9154c646cf7633a8a9488fadd5606

SHA256
a091010886c8bb580b381d0df68c81aec8aac6f4fde958937a70552620c201a4

SHA512
dcf337f35a690bd0dc82bfa984b309fc1b525ef5876055a5f6f320f09f9eec3e84089f5a448084005fdcbb995d780afb3042347529ffacc2b74c999bf057550a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9165dc4f51e8bbbccca4a08193685f40

SHA1
a10618a05efe55eb054eaffa5a7c31953784a19a

SHA256
4c752a0e0811585581ea1d7205f1c13009ab3c33b4d92ec5d02de43cd9b2bbae

SHA512
db218a0bdf45ce5d9c78af4401e29348fa5e4cf3646ec040d8f1e91c8c640633158ebc71daf25fb324e3f3a83819d68c9d037eeff956456c8d7fe181734b1d36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d9a508558387860de02f3e972a252f7

SHA1
e7d92cb4b1bb26cb05a42e3e943dd92480caa33c

SHA256
bebd991ea31d719a51f83339df17c92b225633cf18185b125c4d3f5b9a0c7fa8

SHA512
565259122273bb68585d55356f2694775a3b3f432e779630314e2330e8e3d84c07a1452e9e538b6034155e658a19c6fbe6e7ddba5bad07a8517b481631e6a280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
615eab232d8981744ab1e90bfcd9343a

SHA1
7f2febf259842270b26b9ce11b519bc75cf734c5

SHA256
c10d579db117162758e0b59304a0de6f8b30572579ffaf0f580b109978c6c772

SHA512
c4cc8be7094915f69c3c47b6200863d7f402bc5b28810ff9339b4fde728d840359760eaf61eb70802e3546bf4133606a6945004fe15f858d827a6c086a6284ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ccca3f5d0aa70f61d5e5df8ffe53c2fe

SHA1
b858834fb70954bc9bc1187e0da3e209efdb2375

SHA256
e206554bcbda3f665442601d754aecc48a03eefc9fc8cdb47883e19c0be8a2fd

SHA512
d0b847a748053fdfa396b9debcf8a74500ec742140dd4d4a2f3eaa51688e8288bda9a176a00db17673f4736e26fd8d305911aa588c98aa9bce6227d727f9ccf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d4b649b15873bd12814c680adde46f7f

SHA1
fdba3d7d2378a94d82340c0e8b2c78d528abf258

SHA256
0c28553eca3016a9043f23382c7493e45fe34df33d3ce6cf7f6984e44ed67197

SHA512
c2f8265bc5ed41997212b3be0ae590ff5e39afcabcff028f2f42a1010ad08957b09386c80b9593acced18b42679a46fb522ea7a6af065e17b7f582020cfa6d7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2422821af96d1a401ac060fb1ac92ac6

SHA1
c004400d5dbf7af4bf78f382daa280decc1e6fd1

SHA256
c174405cf98033fc3a81b77d382097a110e376fcab3cf70141c31e8da5741477

SHA512
1e3373537f41635dc7e470c47d5439e529310a0b78950dcbb7aeb7e3f83c5c1a887617f273d3a2466e1881d32b9a40ffa6665d0ad61c6baca2529d74f5c2b3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
54c0074d1bb1d6deae77ea634a31be04

SHA1
aa596f06557ef71e73aeb95ba8f8b500842a2c92

SHA256
50845ee0684fd484181828d562bda45b4f4fe1aed83f24b2b3ff726aac6bd497

SHA512
9e90c1a7835ce6d4eea2f25f25c59f3488bf930b26caccb14a1f2f8e443a55eccdc91827e99cda3ecc111e6dc6bedf64681c8fd6160f8bf9dfbd88542327db4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f2fcff9865c2e8e0ad87cb67cff000bb

SHA1
766146b202ce2fc4c4a1ce931dbfc48b3c142197

SHA256
e7c1b8a49bbbbaf4e57add457e31d2f2d1a6a835eec1aacbc1a66fe9b0700643

SHA512
84dfc1d0dfcbf7c797835b180de800329f2c59a7993757c19933a5dd5fb58967dce7a0d2bf4d0d9173c39b94fad4f655548172ed264224db38d924d99bba46df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ac08b64f3755c845cf83277b2b58295

SHA1
e6402923a20ed26ab45d14adca68a1cd2690d9f3

SHA256
803d83aae7e313e3d761603f2843c2dd47fb005ce66fe93d9acd2d7bd9a5bde3

SHA512
548c17b7bb31e3e01e974f9c21b338ad8e84e94ade20fd5908b572822a744d1e2619e2e8eee59d4c645d493436ad4e10cb3d959d8b17a63b1529df12e28e4a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fde797338214e5c9fbb575544079c146

SHA1
fcbc5eb97cd83344b096b6f39fa47889a186d81f

SHA256
ff11e343730c8f7a3a270db0a48cb4c5aabcefa649bb65c818addfd3910b341f

SHA512
b64e45f9f64c72cf7245bf757a69c91e57b5deafb67f01c5b24bed00eceb63070b7f332d28ec3d28df068129ebe289c9d41960022d2f41453053fdcadc9e75d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
685ff048d9fa1788f2430d2b0359b8cd

SHA1
7c1d5fa4bfb6d78d8414b3e941252615563e699e

SHA256
f87af03f043194d98c639bf316ec69c2e1450e63af6f6531703ecb847bfbfefa

SHA512
76d37c67c7de48ea5313c105d2b7493c6d2e86b1810164faae5a9f1025826b7dee3dc682750e7404d2f80f591472d759c3411b5826ddc38181e58a1c342b6754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0c0b1cca26a0f1abaf44455986da4f14

SHA1
c1cacabd464159e769fbe48c058c70f4c0b58bb4

SHA256
64a4d46be90a3de07f7fbdccece3006eed56fe6707ca3f7de61d427bf7d251e7

SHA512
a15b58239d0ebc2852b161f206d6bc4ae003916011f6573d433230582dc72429df29eed6383d3355ac581757099ff83e9b4e96642bf979badac56282b0bf9366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fdc1e75cbcafbed76c6c63b0edf42595

SHA1
856bae955aa43ba377df723eed2d5ac79ac8d162

SHA256
fe241fc944e2874396ff756c214fdc2617ad41130d4d985532e2ce4967a1fbdd

SHA512
46f343e7a130b288ec251396817447f8935f13a6e31344ea06e650844e4b0027c7eb606cc96c270a2f70d49654fd19aabbf88f0054ad7f1340a31483a3dcf61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3a5d9d2308e7da1592ad53235b1fa3bf

SHA1
5bbc0b76197e2edfe8ed89274a48a8f38926d691

SHA256
5bdbb458dc4ab8acb45d5458ecf3a452bf1ff1c11bcb83ccc22ac658eea4033c

SHA512
8fc4c048c605ef1ce56e8f7ae328cc234ad412e64567cad152b5e507d556ede58d4c6b42721d49a8d66c87bdb9a61eed6638a8ab51452c5e29d31c5a7907245f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a325a392d283d4296d654cc0e070c43a

SHA1
113bd70414e46c03cf15487ea5bcb860ec0996f3

SHA256
06ed26d6d1383afc8683e82968c38a1f2ec8279afbe7583262bdd2c10099b8dd

SHA512
91bfa3f72534ef6f2d2df27b27e992dfe6f1421956e1182e0a635e844939c50e7019c1fd6557b45eb8ab0e9db6ee407bce6df676d297abd667f552c15ad761d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5769b2eb72a41a624fadf62716492f4e

SHA1
b25094b58c82cb4548076838a6c52c10e2042c41

SHA256
2a36ed42935c3e35a508c03b2d018f1f04ab7b0699dfd7359da64c6f665fb40f

SHA512
1237828cd85ff329c28442b81efc72b3f52598e271b872e71795afbb74dfce9cd60989208c893aa61e5bbf28aca0b220d54f70d25315b2e17e43a0704cd1fa6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7a01502e66c4ca22c098faadaa34cd33

SHA1
f83124c5ca3db34022b9463c1681e243b6e1ab44

SHA256
9a24eb00a805364f0e37734741caf71b87a96ea702158145d8f15c15030cb0c2

SHA512
f9814e5029bde3cabc43e346885fa1bba369539a0e307150398d0b52468455b5f76ce41c7d738bf1106dd2d6d3f464a8e8eed0be648a3b29bc142dfa4b46b2e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1640ab92a0256a44c16b909a9805a581

SHA1
df9eb1a6b2839f436c769f6407332dc3a70ea13a

SHA256
71825b17bb2c49db4722bf594d5eb3aa432151caf2c19d9cc4e360b240a00615

SHA512
b301a431f2e6793fee003f434cb4b045872fd08de54e99e78772167db1dc008d9a46c2c8aa95cb664275157287ecd38abab9e71c2006c9df73477d7cafc5f7cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce90173e042492a39d5124e859dbfd0d

SHA1
a8e5a9f177a51825c3796f413c71fa81a8fee9b8

SHA256
92ba2a6f1fea27307bd4acb1add805748538f292d2e8acc4355f58bd853bdc7d

SHA512
8713856b1d7dccdc35affa43b8036d9e30a625332be43f87028e123f8e07ae5912f376977a0f8606673d5ee1bdde1e464185b7b3e68c479f860599ea87764e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b1a38002d0a3a4b6bc31c004a6ecfaea

SHA1
3f59cc4bd03f9177462ccb975398361f522c0d3d

SHA256
1e42eb1189c7f921570afa3d3ef11ccfbb8bf9077a7eded696f5cd1e6329c107

SHA512
ff1cea24504b1f54c20eab7b1bc205edc0f839a00bd0bdb9c6ce6a42990829ea654893d4661221162c2a4e1e9ead970ddf2ecb6ad5c12cfbd09303394c1677ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6b80601eb0733c109cfc107fe4d4d50e

SHA1
4174d86f3855e9ca1e0b45316ce348eddade44a5

SHA256
23a3a28f2fdfc3d0e41f4ff5c81e9724e0e0a88d192d5b1d37a9219569c9e546

SHA512
e51ddbf8951c4ecf136feee6ebad4344cbf1233972692b417a711d3513ff3b822ef39b3b22c335d826e47e7ff7014f2c1b4c9aeb7176bf844d022d6d44ce77bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c870f9f02fbe7f73e1c5d08f16f5af88

SHA1
9af37ab19c26847932461795b2d7ee3b203991c2

SHA256
5a9249e5e216015e7fde8850c05d270d2ce534e52cc476ef6d3ff5afe4fd038e

SHA512
591ca89f73c5f5c03d1c91aa8e6f9767c293b0873a60e8c8be7ec207534236b6b0bfc575d0840546ab3025f19363c4c54e4e439aae58e55c6144ec9fc0130694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\default[2].htm

Filesize
308B

MD5
ccfe63b884fe4225fa33f618a54ce37a

SHA1
bbb0778c1597eafe7fb9c5c65412f8ab04b2e311

SHA256
f7dd5bab49466a4cdb6a7f5a0e07a158f7a1567bd809ed745812469775b33112

SHA512
858f345503c89ba075b374764145fba5b1a9d3440d1628edeab0a3e02cc7cbfbe1119c20747026e69d630ed262d3c91c5073ef06823cf727dfcb11605c7c5ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\search[3].htm

Filesize
25B

MD5
8ba61a16b71609a08bfa35bc213fce49

SHA1
8374dddcc6b2ede14b0ea00a5870a11b57ced33f

SHA256
6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

SHA512
5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\default[4].htm

Filesize
304B

MD5
1ebded2bdff03c61ff9bf10a846c8175

SHA1
cec89ec07419370a2c8d88a66ec962377b2b1d78

SHA256
8e630a777fe81ece337b95ef20157d4201620954f569edac9b25b5b03addd276

SHA512
6624ab41f0db4b549bc7c5fe8af8bfc8630256107f52e9756f50a4e1d76d212510a287d58c4ecf4de71860c970569059d87c246debf816885a3f7f2b480e32d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab64D6.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6575.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5F42.tmp

Filesize
40KB

MD5
9e886d1eb953a22f9645a0ce72e9d386

SHA1
233523c641f063159263337ecaca1b57d1ffb1d1

SHA256
dc472eb83db25625ca487b8151ecc31a2ca01cb9288b24caf67e22eff9717c95

SHA512
c90ca19156c0b3f37e4428ad156297cab29218d5533f9f913bf763a086d82ea90e5c3b5e1ea036a802c37381b235f829805cf06d557b1719bdfbad3bc088fa9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
2ce4a4e27d27d27412656b0755ce02b5

SHA1
755c0099adc7021fe61441959fc2daad726d33a6

SHA256
7965c6df1bdc6299a425adcd5a5e874255f83989f7988bd71e43a80374d86317

SHA512
c2d260fe5406eed0148b3e4fa9b15e50c100b34ca5bd1ce474106be590479625fdee96aa6ea848d2b8b007abe5e8ac432c28e6e85e02763b0f2eaa9408d36f9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\zincite.log

Filesize
1KB

MD5
3bac56cd416434ce2abc1399459b5a43

SHA1
04a42e1e296d2e4d2e8be212d6d34d30917f4a4a

SHA256
587b2e65cfd181dac9ae8adde4a4b9ecd047ca242dae8f4be0ec8ee7c3cf5f9b

SHA512
659633815c9d8858885ba59f8bab69d180d0e80e583198e99d6ad6e812d9cd201838d822ce71fa6a8adb3500a52551867c0d927074261079015c1df0c232542b

Download Submit
C:\Windows\services.exe

Filesize
8KB

MD5
b0fe74719b1b647e2056641931907f4a

SHA1
e858c206d2d1542a79936cb00d85da853bfc95e2

SHA256
bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

SHA512
9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

Download Submit
memory/1988-55-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-25-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-50-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-59-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-60-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-64-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-1990-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-30-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-26-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-51-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-21-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-17-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-443-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-1193-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/1988-11-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3000-0-0x0000000000500000-0x000000000050D000-memory.dmp

Filesize
52KB

Download
memory/3000-9-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/3000-4-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads