390c8cffa61c16bd34b3f0a2c80145b29f1a840104a3f094267518146a84eee7

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d666d3c01e0c5ce7b27561af1d6fd96a.exe
Size

9KB
MD5

d666d3c01e0c5ce7b27561af1d6fd96a
SHA1

f1c5ae9d4846d5ef2f9d19cbc44ebb7d7092f23f
SHA256

390c8cffa61c16bd34b3f0a2c80145b29f1a840104a3f094267518146a84eee7
SHA512

8fdd6967d42602a2f1bd8595698a475938d6b3eb5e42289f0ddf5c30d051d6b330c252dfae4c7ed01f4b51b0fbe6c44de32b3f6df17abfdf2e3e86a3b8297002
SSDEEP

192:1utWtTtrtPxtctUtbt/tftStKtethtltZt8xtltFtatpt+t8tTtLtftMtAtEtdos:1u4xR1xyqJNts0ojHLOxf/0ro+BJNiGe

Score

8^/10

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 3 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\ppcimdnnnjbeahepfabjipfginloedkg egckak = "CDT inc."	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\goicfboogidikkejccmclpieicihhlpo ejemdn = "MediaTickets"	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0\goicfboogidikkejccmclpieicihhlpo bihgbp = "Integrated Search Technologies"	d666d3c01e0c5ce7b27561af1d6fd96a.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility	d666d3c01e0c5ce7b27561af1d6fd96a.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Safety Warning Level = "SucceedSilent"	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Key created	\REGISTRY\USER\.Default\Software\Microsoft\Windows\CurrentVersion\Internet Settings	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MinLevel = "Code Download"	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunActiveXControls = "16777216"	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Security_RunScripts = "16777216"	d666d3c01e0c5ce7b27561af1d6fd96a.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Trust Warning Level = "No Security"	d666d3c01e0c5ce7b27561af1d6fd96a.exe

C:\Users\Admin\AppData\Local\Temp\d666d3c01e0c5ce7b27561af1d6fd96a.exe
"C:\Users\Admin\AppData\Local\Temp\d666d3c01e0c5ce7b27561af1d6fd96a.exe"
1⤵
- Manipulates Digital Signatures
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads