1cdf0dcd13a46906d73588a4f2ef20637d25706ce90b53a7b6f1701c28cb3596

Resubmissions

26-03-2024 14:35

240326-ryecksfd5y 10

26-03-2024 14:27

240326-rse2xsfb8y 10

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe
Size

48KB
MD5

84ff01e9ca8fec60ba0c7715ca378336
SHA1

8bafa6673b762145b008496467a9ad8cfc18e4b9
SHA256

cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348
SHA512

668be10b19fd0f47a0409ab0d46b5d078122eeb602452c37bee27970495ec9b8ae20e598b4a4d530a976dc80948be0f6d50e6fec78303941f4bf40df180e4ed6
SSDEEP

768:NZ/MQ+jmgyuQY6y4ViNpc3ayjctUp79Glm:N5MUo4qK3wlm

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\UninstallPMT = "C:\\Windows\\System32\\PreUninstallPMT.exe /s"	cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

pid process

2200 cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

pid	process
2200	cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe

C:\Users\Admin\AppData\Local\Temp\cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe
"C:\Users\Admin\AppData\Local\Temp\cfe55dc501afeb1e83c683ec596be33878597e8d318f8e9739557af1f208b348.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:2200

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads