Analysis
-
max time kernel
162s -
max time network
171s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14-03-2024 22:32
General
-
Target
c9c94e7de16ae088cc9bece32c264812.exe
-
Size
171KB
-
MD5
c9c94e7de16ae088cc9bece32c264812
-
SHA1
a05982bf41654726e8db9a910b6fb4a8aba4fa81
-
SHA256
9a81134b3c673ae7acec80878e046efd88a5fd616a9409e40954d9a265cd7761
-
SHA512
0405116b797e2e43f8407aca721981f422175480be2c60758d406569372a25adf37ad9f577af748e6c906d3340fdcbe7e2561040c0aa88c77d579ac48da9f364
-
SSDEEP
3072:dcH4QQKq6uewjct8lYpiYWbSsuQhaP4FGWNG3kUD7hJzIyjLhn3WLf5HGmC:+hQN6ujXYppWbSNQcP4FGkir5JzIShnR
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Drops file in System32 directory 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c9c94e7de16ae088cc9bece32c264812.exe"C:\Users\Admin\AppData\Local\Temp\c9c94e7de16ae088cc9bece32c264812.exe"1⤵
- Modifies WinLogon for persistence
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeC:\Windows\system32\explorer.exe2⤵
- Modifies registry class
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\c9c94e7de16ae088cc9bece32c264812.exe.de.bat2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263B
MD51502496305fbcb680c51aa65cab46e66
SHA102f36086e9258f947e5383c158f4fbd573cd3132
SHA256d6a67411c9ecff318dfa50492d43ccd7b78fd3af45da376c816065734d148bc4
SHA512cafb885db42698c0e8295ddfa8cde9add5cdb1b64134d3503d88268b55b7158e27283e1c327d4eb8a24ebbd5af46797a173f9a6255c8c6558804e59b075f6763