e6a089c2a50ab07d23fd1cd03a508a2be917f41d6528018870df519600f8bd3c

General

Target

9020f0af4b2dd7a22cdc3962632507a6.exe
Size

556KB
MD5

9020f0af4b2dd7a22cdc3962632507a6
SHA1

41cf90ce6dfbfbae7b809ddabff804b955fc2461
SHA256

e6a089c2a50ab07d23fd1cd03a508a2be917f41d6528018870df519600f8bd3c
SHA512

4ca4923c472cd45d07dab7b0a1ee2f023a46bffac644dd67c77872dfd1ea9a2131093d18c923af61ed008b073c02105285bf6845741d48eeb45e65f806620d0b
SSDEEP

6144:Ddhf2Emsfr2zutlcDK1AJvqpq3+a2zaUaMYXocwRXFsE6sdNFNsDlT3w:Zl2ufr1cDK1AJy42zanlSFsElNsa

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 6 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6fa192872705534b2f4895f84002202e346e2f6a	9020f0af4b2dd7a22cdc3962632507a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6fa192872705534b2f4895f84002202e346e2f6a\Blob = 1900000001000000100000000f5067a38245c4734cc21b2118eab6900f0000000100000014000000df55d759b094ec7df8bcc3564de632305b1673820300000001000000140000006fa192872705534b2f4895f84002202e346e2f6a0400000001000000100000000e8d1a99b7c4949eeebf74828b1becaf140000000100000014000000aec7a68b78e1c75a0ca69dd4327e72e02f2168f60b0000000100000050000000530069007900750061006e00200052006f006f007400200054007200750073007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790000002000000001000000440600003082064030820428a003020102020101300d06092a864886f70d01010505003081a031373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f726974793130302e06035504030c2753697975616e20526f6f7420547275737420436572746966696361746520417574686f726974793020170d3739313233313231303030305a180f37393939313233313231303030305a3081a031373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f726974793130302e06035504030c2753697975616e20526f6f7420547275737420436572746966696361746520417574686f7269747930820222300d06092a864886f70d01010105000382020f003082020a0282020100921e4c0dbedc8e03f5082d0c4be9bc3a5d3a4bf4a8cef381cd0d6be5556b38d031b5f1dfbe0f968b90544cca07b5e68c90f240eaf1d7d14dce629fc5ba786022d2af8d3934b0eef5ceaa4348a65cfa6c907d0e850835f400f44dec61df2ed76b6691b9093e852e33d08250c0986ade3ed5861f35e49197c3ad626b06a9134353935fa3b8d5eabf185a99068e9c48a3720b842f2a6d51c1a13449d1b49a0e77e95d66d32bf9993e6a359478a46e67baf8a1d6322fbfe53fe56bda417fa4bf7c678c452d0e4189f495673076179f3b48f93bbb19926f7cf09af8c5b80acc11750ef9d2e30908c1a0feeb9439ac27d2d69415c26a5938776ca1881635f19cc6c1a89dc2b33bdf8553c8626b48fdeb82eb764ec26b821d4197490e2c95ea4f91df7fdc2c57470252bc6ad3b8eaf5eab7e2d82e02697de67bc241a00d4c46773c6d13c81e4fec2a491c5ed82a6f73a49390c52d8bd5676c030528232a5f97de371909aa8bc08f191476d9ae58cdb71988e1befe3dc01213d82f95b10ab75be3052233436cb781e6c9d82d2327964449261db392c5d2ad8c80448a725aafed0330a98262dec39ccb5c045611d71bbdaa144fa1951ac67913a7f605e9eed511f565e73459f8f681e166d5dc3aefd22c7fb4b118b320dbad39e0e15f35ecc2efe3996def40c07c94e5b9937c867212f53228077c5802209c7e19d7e4f9c17dda462d76ab0203010001a38180307e303f0603551d200438303630340604551d2000302c302a06082b06010505070202301e1e1c601d8fdc4fe14efb7f517edc65705b578bc14e66988153d1673a6784300f0603551d130101ff040530030101ff301d0603551d0e04160414aec7a68b78e1c75a0ca69dd4327e72e02f2168f6300b0603551d0f0404030201c6300d06092a864886f70d01010505000382020100880a3977cb0e701ca2b21f98af10c7137174a988ee5bc8245c2ae240d57fe9ecbf0b589f4237033990a55198c049d1288599cc27ef8bef05afb404d7d6fa8a73c81bbd64242827814f15f451c43031b3dcfec8e01b4c29ad744a4ea5bea97337081f2c07c37788396d80377bcc476e9bb30bb5e89134fccf96a813370e0fd4cf063f31772752e70ea6f9b550213dfbc36fb2d299e87a112d6385fceba0c7b5a8f1c9be1a8b4b64f8e41fe5d2555eabeaa2fd181f95d863127743a5d6af525611e725c68fe11ea8687865a557189860067530350340f0530e02251fcfe728403f5fdd6adeb0fb788b7322b6bda7b6018ae5b14c790dd0602f22f71327beab8a2f6891e4e973cd81a00532284479115d61fd62d48781c4e761692cc6105734815d7ca45cb88e424e244e15b7f0fec18fff654e38e59f6e2b768c2dc94f1df3d7e9bffd5b31345b077d7b800760cd53a6af927f9e07d067203a5ded50993a54e3482c590c9418c38ad4c135f3d0181cd7ea4f94cba37b9033b70844921a9e45691c4bea78159c9713606cd7d2bcd7a82fd622083ac91cc4f2507d44e13006b9adf435292565cf1b123aecbc272cf9a5396ce1932a6ae52c4ef5d2491704a5939d6cbed452eb69da95e9ad54435a6aa046671c3e4dadce19c96adef86abc60186694cae36119d3ecf5f331e66b219a49b2c0209625bd9060ce22e4f0fa13f507b125	9020f0af4b2dd7a22cdc3962632507a6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6ece44f1b40321cf3a59899e84690b18ce8131d3	9020f0af4b2dd7a22cdc3962632507a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\6ece44f1b40321cf3a59899e84690b18ce8131d3\Blob = 1900000001000000100000000351b6fcb110800de1f02d69e887f5190f0000000100000014000000b66a102d690ad2e5f44aa94295b80c17e66d69d80300000001000000140000006ece44f1b40321cf3a59899e84690b18ce8131d3040000000100000010000000741f4a8ab8ee1c3d5dc0e984e33f6ad014000000010000001400000028aae4fcdf5d8a9f0b590375d420e6280e3796c60b0000000100000052000000530069007900750061006e00200053007500700065007200200054007200750073007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790000002000000001000000420400003082043e30820326a003020102020101300d06092a864886f70d01010505003081a131373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f726974793131302f06035504030c2853697975616e20537570657220547275737420436572746966696361746520417574686f726974793020170d3130303330393231303030305a180f32303530303330393231303030305a3081a131373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f726974793131302f06035504030c2853697975616e20537570657220547275737420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a02820101009473d638d1534f1764c4a9a169de6183a0e784f99bd7bfa83431057c0090506a45ce0ae918e0e4b0125cc6b3d619183cb1d2aac3b3f5243b79c07e0b7a6a3d71cd0d756b25cb415d33fcfbfce768b7b0f86e4fe6513a7f3dab2554381efe8ba44921b500093e15f1b4fa3e5a6c271bec2b31c8847771c28fe0667b2515c9cbc93ec69f94ef88879706bb9413f6e1e44af34c1c66f7f39e2d3888c3b7bf3046007c504ca958accfda0fb5b4f7ff739ba3a5360942cf64e05d02b8e9c9191baf30a38a5cb53fdf029f782e9f404bb2b99025698a045f232e69bc902bc8f9aa3460fe3e7c0ede3081888b4f0a5902979e81044277108b073cd833b339ea07fc1d170203010001a37d307b303f0603551d200438303630340604551d2000302c302a06082b06010505070202301e1e1c601d8fdc4fe14efb7f517edc65705b578bc14e66988153d1673a6784300c0603551d13040530030101ff301d0603551d0e0416041428aae4fcdf5d8a9f0b590375d420e6280e3796c6300b0603551d0f040403020106300d06092a864886f70d0101050500038201010093410c38692a20c70a8d2d601f719709674e493c91feffd2b7170906fb9094831f2a348b01d994ed43140b17467fd5ba6487927b1ee18c267bf1a049a81153c7775a715c39345ae753ad73e6a426124a04b6b20ba82c20b1dea315bf83a4da29a02d9bdef2d804e9dcfacd19df17526656967f57a1119090a1facefb56d9c924b39a9b3aff3d94dff634ae4ae95c247797865cfdde6b9e6645cd5b756421ce8ffc30d50c6b302a9a317fec4b5d567d03684dd72949ff49af9b62e7acf8deee8dea4d2ed6e58b37e0f656af99395514e35ef3cdc8576bc6b2964e30b49ee5bbb7b5eebc47367fabe6c25302063b855489c58090879e8364ecefc1a909a5ad2613	9020f0af4b2dd7a22cdc3962632507a6.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\1fefb792e59f4812559667048df11d9709822fb9	9020f0af4b2dd7a22cdc3962632507a6.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\1fefb792e59f4812559667048df11d9709822fb9\Blob = 19000000010000001000000067cbb421b3257b6c39a7d1324548709f0f00000001000000140000009a656070a3009f445a3efdb44679dde89cc957570300000001000000140000001fefb792e59f4812559667048df11d9709822fb9040000000100000010000000ba5b647acbace5d526d26003452bbd9e140000000100000014000000ceb131e7172d0a5bc4a91988f968cd152d3029fa0b0000000100000046000000530069007900750061006e00200054007200750073007400200043006500720074006900660069006300610074006500200041007500740068006f0072006900740079000000200000000100000027040000308204233082030ba003020102020101300d06092a864886f70d010105050030819b31373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f72697479312b302906035504030c2253697975616e20547275737420436572746966696361746520417574686f72697479301e170d3039303830353232303030305a170d3439303830353232303030305a30819b31373035060355040a0c2e53697975616e205472757374204e6574776f726b2043657274696669636174696f6e20436f72706f726174696f6e31333031060355040b0c2a53697975616e205472757374204e6574776f726b20436572746966696361746520417574686f72697479312b302906035504030c2253697975616e20547275737420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a0282010100c9ce15732477ca7221676c08acfacc115793bd190cd3b8beeb820146ef8d79f149395cd240cff82b9c90ebc42a0158a09184899c637cb6fa8831d9af7f4435017813e8e5eca92540933f52b7dc6086baa3835db373616db5b9906caf03e4725db88e6144b852730827381f8539cdefec1b21a4e1a72078fb0b025e77f3f81a91c96089fa4a18c4de6ff5f2fbad1f164beca53a8ee796c3dc1ac4cf973a2c0eaff31041d19a399e873395fbd263fed3b1c5b94d98577bec70ce0b2cf24a4002f42915a483bbfbcae7a8902ca1105408892344a8262f29ac5ae58ce8d2ab30c96ac19e6cfb0ddc5152cc85ecb725c47717e2df327cebb99c9fb13d55c500cdbfdd0203010001a370306e303f0603551d200438303630340604551d2000302c302a06082b06010505070202301e1e1c601d8fdc4fe14efb7f517edc65705b578bc14e66988153d1673a6784300c0603551d13040530030101ff301d0603551d0e04160414ceb131e7172d0a5bc4a91988f968cd152d3029fa300d06092a864886f70d01010505000382010100811b1ff30dc635efcaba3b8a3aa06b0d5c816a02af0d21c4272175669f5f920a18c2ebbbbfb4332b58d687fdcb7ad805671499c25e2f0648e60324b2cfaf55bbc1ba885d009452ac0f70a8081093dd44c86ed0898fe85c047a7fd6f675e85b06ca6b12be1adf38b1fc40242d260f72795993cee84721fac8c0ed55e102c47b5fca42012b4ba6340bed63757e2390afaab683924745220a06901bd7033b3d05ee5a778b2b8e3ef9ced0bc53cc188da5d732d8d2192e2967f4d01840d6c5bc25ece7a9b6c052b4a88074e63cb26f8a965a3b8393e725e993fe3a6ad8311fbef5fe7e2b456b19274b9ed71016f73359517c23a0ca6e238792d1732dab8fb60e5aee	9020f0af4b2dd7a22cdc3962632507a6.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3424	9020f0af4b2dd7a22cdc3962632507a6.exe
3424	9020f0af4b2dd7a22cdc3962632507a6.exe

C:\Users\Admin\AppData\Local\Temp\9020f0af4b2dd7a22cdc3962632507a6.exe
"C:\Users\Admin\AppData\Local\Temp\9020f0af4b2dd7a22cdc3962632507a6.exe"
1⤵
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads