5e2fa7fb839bac257a8a0d02f8dc29e92726dfcf7264105141d855e8954f0638

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 12:13

Target

Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe
Size

15.0MB
MD5

9f295ac834c721996c1d26dda6723616
SHA1

5b64aa9ef7065341574dbc1924de54d0d06db0d2
SHA256

5e2fa7fb839bac257a8a0d02f8dc29e92726dfcf7264105141d855e8954f0638
SHA512

bb10ce7c2e2bc0cb6023047cb3a5568c936850e7b9043a35c9ac21d25af420e4d4760d412a6c0bc4044cae29120028d93a3aa4aab53521a26eef7ebc5a338b28
SSDEEP

393216:nR6rIV7exHWidmqwY4w1lt7OSmyGKCVtsNK5kOFEQA4iA:nRNvp1Yl9m3K+tsk5BFEVY

Score

1^/10

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveAutoRun = "67108863"	Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "255"	Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe

C:\Users\Admin\AppData\Local\Temp\Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe
"C:\Users\Admin\AppData\Local\Temp\Network_Firmware_R620_40NTK_WN64_19.5.12_A00.exe"
1⤵
- System policy modification
PID:2308

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact