1610b38f9e5c181f90f97fd53a19553a506fea85e2275db3402cfd771969feba

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cac4acd2ac4cba226cfc612b007a6d0d.exe
Size

1.0MB
MD5

cac4acd2ac4cba226cfc612b007a6d0d
SHA1

2219af206c1034564f9b63430a25a1b4de6a41b4
SHA256

1610b38f9e5c181f90f97fd53a19553a506fea85e2275db3402cfd771969feba
SHA512

ff41a92843e02ad282a2874f256d261708a1fefa09342034b6d093bd571b3fffb1ea716d82d9be39d4d574717231a2ce3fe2c7ec922ac170dafc5b2c963c66b0
SSDEEP

24576:nncc+4S0L1P7T0Pw7F6AR58JLDRKE7AlOJ0KzMHxpr6+y:nncc+4S0L1P7gPBJLDRKE7AlOaKz8xp4

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MSNCore = "C:\\Users\\Admin\\AppData\\Local\\upNext.exe --i"	cac4acd2ac4cba226cfc612b007a6d0d.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2172	cac4acd2ac4cba226cfc612b007a6d0d.exe

C:\Users\Admin\AppData\Local\Temp\cac4acd2ac4cba226cfc612b007a6d0d.exe
"C:\Users\Admin\AppData\Local\Temp\cac4acd2ac4cba226cfc612b007a6d0d.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: RenamesItself
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cac4acd2ac4cba226cfc612b007a6d0d.exe

Filesize
1.0MB

MD5
758cc9464d218c93583b532a5ea45c84

SHA1
8abb14a19fed8a619742b5dcb0dc7f91522f1770

SHA256
80e1d5c48b62529cb3ef333c5a1b4b7ae3a76deb35502572a79a9ef5bd8c324b

SHA512
df3093aed30bb6210e3911f9300e0a01ec98d5d7fa576d37d59decdceabf9666538c088b2f2af5eae6dbe5b50b2e6da53b29ec093a6f64e48463f45076474358

Download Submit
memory/2172-13-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-16-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-3-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-9-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-10-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-11-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-4-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-14-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-12-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-15-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-0-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2172-17-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-18-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-19-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2172-20-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads