fa3dbe172cb9268b5d5b24ead0c32c26c25fb5d5b56fa72348b9099bcd429645

Analysis

max time kernel
301s
max time network
301s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21/05/2024, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Packet_Tracer821_64bit_setup_signed.exe
Size

227.3MB
MD5

12617fe807c3e4bfa5b0c4748c3b6ff2
SHA1

b13af13de273d9ae41a6113aed93b965f6d14908
SHA256

fa3dbe172cb9268b5d5b24ead0c32c26c25fb5d5b56fa72348b9099bcd429645
SHA512

51ee864ce8cb48ee6645e3b7fe2086f950512035883e7bde39b57b320f56b9125468a8dda7f50557b5b2dd0dfba825f864622e3d5177f86b72dc1d57a6589c61
SSDEEP

6291456:IZ7Mx06hFIDSblcjmwGsUGK4ZXW0lzwjZ:Iix06MWclG/GK4ZGc0jZ

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\search\is-GI81V.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-AKQ8E.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-1V9OK.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\big\is-2RP2C.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-P6PMT.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-GHLK3.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-48UN3.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-1KRH8.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-ASE0D.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\IoE\Sensors\is-7Q8U1.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workstation\is-NRUSG.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\physical\is-JTCI3.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-9JQEC.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\IoE\SmartDevices\is-96325.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\is-NTFAO.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\Wireless\Wireless LAN\WLC\wlc_pt_two_wlans_wpa_radius.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\html\meraki_server\is-NFDGH.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-P8HMA.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-5C84S.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-P84K9.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\templates\is-N7NHE.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-A8A6T.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-6G090.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-UJAO6.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-J9J7F.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\is-VM1FF.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-LG3CI.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-14Q99.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-A0KA7.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-IBD8M.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-6ATKJ.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\04 IoT\Solution Examples\car.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\IoE\Components\is-PT7TB.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-NVQKL.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-VDJGA.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\is-7ASKR.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-JB0CK.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\linguist.exe	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-OL01M.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-QQMME.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\templates\Smart LED.ptd	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\flowcharts\is-FQ2CM.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-PLR37.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-DIU19.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-F2GJ5.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-1U3UB.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\search\is-2289I.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-AAN08.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\qtwebengine_locales\is-9OR9R.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\is-ETUF6.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\is-R4VME.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-FP02D.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-URR7K.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File opened for modification	C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\Wireless\Wireless LAN\WLC\wlc_3504_two_wlans_external_dhcp.pkt	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\ComponentBox\is-JBAKG.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-QU4SU.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-8U8LI.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-8869C.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-DTO9O.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-JLBO6.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-AETIL.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-8MEL8.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-VJC3K.tmp	Packet_Tracer821_64bit_setup_signed.tmp
File created	C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\IpcAPI\is-R05FM.tmp	Packet_Tracer821_64bit_setup_signed.tmp

Executes dropped EXE 1 IoCs

pid	Process
4628	Packet_Tracer821_64bit_setup_signed.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 57 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pka\ = "PacketTracer8.Activity"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pka	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkz\ = "PacketTracer8.PKZ"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\ = "URL:pttp"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkt\ = "PacketTracer8"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pkz.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\shell	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pksz\ = "PacketTracer8.ActivitySequencePackage"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" -uri=\"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkz	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\ = "Cisco Packet Tracer"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pks	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\URL Protocol	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pkt.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\shell\open	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pkz.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\pttp\shell	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.Activity\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pka.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\shell	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\shell\open\command	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequencePackage\shell\open\command\ = "\"C:\\Program Files\\Cisco Packet Tracer 8.2.1\\bin\\PacketTracer.exe\" \"%1\""	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\DefaultIcon\ = "C:\\Program Files\\Cisco Packet Tracer 8.2.1\\art\\pkz.ico"	Packet_Tracer821_64bit_setup_signed.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.pks\ = "PacketTracer8.ActivitySequence"	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pksz	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.PKZ\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PacketTracer8.ActivitySequence\DefaultIcon	Packet_Tracer821_64bit_setup_signed.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pkt	Packet_Tracer821_64bit_setup_signed.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4628	Packet_Tracer821_64bit_setup_signed.tmp
4628	Packet_Tracer821_64bit_setup_signed.tmp

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4628	Packet_Tracer821_64bit_setup_signed.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 4628	1292	Packet_Tracer821_64bit_setup_signed.exe	73
PID 1292 wrote to memory of 4628	1292	Packet_Tracer821_64bit_setup_signed.exe	73
PID 1292 wrote to memory of 4628	1292	Packet_Tracer821_64bit_setup_signed.exe	73

C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe
"C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Users\Admin\AppData\Local\Temp\is-QMHL7.tmp\Packet_Tracer821_64bit_setup_signed.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-QMHL7.tmp\Packet_Tracer821_64bit_setup_signed.tmp" /SL5="$50228,237300973,832512,C:\Users\Admin\AppData\Local\Temp\Packet_Tracer821_64bit_setup_signed.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Cables\is-LSA04.tmp

Filesize
315B

MD5
eea645506419ce8a69b065202a7c0d08

SHA1
5706261556997c040006e47328d964d4605c8ce6

SHA256
22c6bfaac607f53a639807ef543d0b5204912bc34c9221fad837a6a70070fec3

SHA512
cca3a0d8daaae4a4b6e9e970f264310e95e4704c124fe13ef89deaac62cd63bcc4706d27b828e81698998b309ce481675c6711dfb69b70cb2db2c59d38eff933

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-3MI59.tmp

Filesize
2KB

MD5
056734550b0efec0f7da59965b6b8142

SHA1
9ad594255763651b00c710ae0965ce5cda668799

SHA256
cb2579a068ad0bb6a4cda5dec48a29e311d239f679f686ded3056cdced019928

SHA512
8da2837d4cd7c5670eb434c34e1da083057be1cddee14fbef87d6ee4beee21c92e4d8d1f41efa304049bf88359acd54780f5f7aed6275c9489ae00f07d6d373e

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\Devices\is-IL5K7.tmp

Filesize
2KB

MD5
0c100c426c446d480b807ae3551060e6

SHA1
6d4086b1ce6f3ee9af25c748eb49e9533ac19d9d

SHA256
c178794e00163ddd37a24323bb2a23fa033b5c9fe89976ad5fee8396f65010b1

SHA512
008db45170f51c0c95311db8f75d72348df421b055e1aca2fa5b1dcac442483e26356649070d7c525ce604107903e8b7a763e6061ec1a98bc35a530645e5646e

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-4IAD4.tmp

Filesize
3KB

MD5
4c0c80e1fb4b80931b85a74740adef2a

SHA1
03a1ec4355c51da4e39f1066621cb5c78e9edb50

SHA256
fbf01e06b9e61bab5d7ad99304e298f05a320a57aa86557f0bed2d54c7eef3e0

SHA512
00a8a3f451fd1b5271675ba85cfeea0c276c7e44eceef3fe24d755c221e35e7dba92fda44e4bc1f4ef75a9a619da67343e299161f6520a4176446d40b85a5227

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-8P7F7.tmp

Filesize
3KB

MD5
b47d62bbc1da9670fcb42055057684c7

SHA1
34e86cd9a53f5bb8a89d1971e960bfbcdfc6ccef

SHA256
ecd7f8f2d6b89a1e74313ad74e55766dfee58cb271930e0fef9326cfea8f7c4b

SHA512
cb3673f15c7289e03c293cc77206bfa7fbaede75cc2a31f4d40e5704621d2dc83ace9958531d17091449e5a7eefa1088ac3d35d2cd09ec181de41fb6699c4520

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-CB0Q4.tmp

Filesize
3KB

MD5
a8fc45024622a74dcf62760cab25bf76

SHA1
23462b44066d6fb30e0baf29b445ce2c2d40e5c8

SHA256
640915b6c8bfd69bbff5a582361a70b38a59525b11235ead3da482ea4d6c3ef8

SHA512
e5d89254987717894ee312dfb63c65adea58dadc6beb5cdfcfc2d833822c00de0fc9dc784ad43936af2fcfcd0179a519a39b5ba4eb653d76a39ff953829d0734

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-IK571.tmp

Filesize
3KB

MD5
cd008c299203f56f92017462b58997bc

SHA1
9b4f47f09b91b92d36ec329563b31acc75c14cc0

SHA256
111ca722d4bfb8716d0fc39df61ce91f19289f15669b4a37f39b69fa37dbc3be

SHA512
96892830db7905e5cd390c8372a69d4e87c122e144e9b430c203dbeff2ea5723ec43f4d3c2f1d73c1a72acebd7960501484200ee94eed7fb4c5ff8faf2752b2a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-IU7U8.tmp

Filesize
3KB

MD5
511a1f66428bae133373b9f54c955470

SHA1
8fe874be50b754155921a9c9d57ae5766a4d1309

SHA256
dad20606b3b828be8db1af4830f90c5aa85c171e60f7eea6fd1688796a0e4d34

SHA512
8560a4911d3494ea02dc8d30bb8ea0bd20ab8b9a0f85a42a111ab064465fd946e874bf369d2c91556accf7b54b8cbbcd377fe4eff395f6554de419443ab6525a

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-JSR90.tmp

Filesize
3KB

MD5
b4a980b6d22faadc34644b7ea05e058e

SHA1
bd179dbd402cc3ef8db5174a7cd02ea27a8f8cd1

SHA256
0ce8b553e69497e6dc7431d58e6e9a9d1c954e775075b8ef51c9dc5e6e4e4b56

SHA512
7018a13e564a97b3a40a1ca4129964723d63b9f15b1779c229242c6d6f2d0fbc5c4730714d25f6bac99b78ef2e52a22ed0815f76435e356f3b557a325f4d3cd3

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\PhysicalView\is-N08CA.tmp

Filesize
3KB

MD5
875f74d98f259e0bee8b96b79a585096

SHA1
00e573dd9d7ca63652134e6f1c3dd58b28b3e5dc

SHA256
c55797bee1ce875374bc0d8d22294a5b9b016c82ee9a578c7b5de9623661be36

SHA512
4f9707369ad785001f6e8f1c7e91f16c498bb1ba4b3ec57fffa2bbfa9a3b73e310f9495a16514bb59cdbce3b5903f2d49ba7c59c9e6565cd8600995f294737d8

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-6M7V1.tmp

Filesize
3KB

MD5
4368ca824f1ef9ccf4e646a3a21c6e9b

SHA1
92a95e77d25ccecfc23be7296032437011410786

SHA256
f6b0e86adcef275af7621b979e2ba9b2d6101e36d4b36bd66e5b7a70c3519a5b

SHA512
82d51a7af55af7b0b5d0f16529fa2791c42c4b1f5e17e349be7087c362ba73aa4315c1e6ab2c7072e1379c070a480281136eaf2ecf35fba2699065976616d4fc

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\Workspace\Logical\is-GEF47.tmp

Filesize
2KB

MD5
aebbdf1c2d3b77145019687d8affef8b

SHA1
7d6dab66fe1aa8e909301ff759181c1a3c788a1c

SHA256
e26dc76fdadc5a656b70c0c8df216026fd7f2b47f3cd717897f5d144a9507eda

SHA512
09c1194c966d1e6d3b1ec707cb8e312b4050e55ace370253627cf602dbdf920c732fd59633bdfad050c1f8fe321b88b9b702e5c0de8e3a7d232deb77f0cdafba

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\art\html\wlc2504\is-GRI90.tmp

Filesize
22KB

MD5
5fa4aa9f25f358fccef0909b97918171

SHA1
351f547912c645798421de9187e57134318a7e2f

SHA256
a50d2a3175f47f399b402b1f036e48f8e411b2564a15982af30d7c52a7e70c9f

SHA512
40761e292420b3a24ff6802cc7b70703bde92bd060dcc38a351f599962e8dd512f1695a176d2f6c1e797e9f6a084170463a26513be0510ecd763087b489699fc

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\bin\translations\is-EKSUL.tmp

Filesize
16B

MD5
bcebcf42735c6849bdecbb77451021dd

SHA1
4884fd9af6890647b7af1aefa57f38cca49ad899

SHA256
9959b510b15d18937848ad13007e30459d2e993c67e564badbfc18f935695c85

SHA512
f951b511ffb1a6b94b1bcae9df26b41b2ff829560583d7c83e70279d1b5304bde299b3679d863cad6bb79d0beda524fc195b7f054ecf11d2090037526b451b78

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\Scripts\is-GSPD0.tmp

Filesize
950B

MD5
b5313ab6e8cada6848fb7507a2628243

SHA1
a3408abec061b9c5a8eca4e9e201e3e8f93b7f77

SHA256
b81b6c1abd613d998a21e44664db0a5fd884188512508ccb049318ad47a43b69

SHA512
2c61ea76287e06e66856d215dd885558d3ba9d553d9f0aa3841b27fc973fe446026fe4779f66943d9454e8d2870daedebef2550a05ed77731becdc21be5e75d0

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\Scripts\main.js

Filesize
952B

MD5
db810f1a889f844222f85802155e2017

SHA1
5f1ee7037036948c5c38340255bf998af6634c68

SHA256
c39923c7a8964d5d922434909e237aaa3164185492eb305ddfdaa937f2923c3c

SHA512
d40722624b0b0e39c74829368189e7ab73a3713fb7a94f6b9892fa98f07ec7021d63cd92520848f5050fb2929ba03bf0704da83d65dc34ef14eec94439523b55

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-7VJ5V.tmp

Filesize
204KB

MD5
c43b571e3b229c9f4d02a200879207f3

SHA1
b0c45c80cb8f2cbdd1836994cb1e7d7341514718

SHA256
6f7484c59629f846127e926bcb54729e4cb685f1c067765e12e9e2411b0b360e

SHA512
0de3631f839c1d2d9720827a503853246be8f1b4263f497d3b2fd947248a7ec7b6214efc8ba9e25a9e62168d19bdad1318d4765d11ebe04b918c5a45016044d6

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-ETCOU.tmp

Filesize
93KB

MD5
68ce684fd988d943a92ae388a1eb7f13

SHA1
178adb6cd67cbb741448fd211a816fa0f41ceee1

SHA256
08bca539c8d44f4195d406efef4d414d25ce5e35c6d12a7c7a89b9470bf9f8a5

SHA512
d4a9539a440337f27882f6dd404781d5d24f88d786f51db1116409d8058aefe5033d00e97ee97a29270eb6a7f1d7c8359eab808876f871e18d81a5147e85c104

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-GG77P.tmp

Filesize
69KB

MD5
2a916fb4255f2c41b43cd1ef35db5d37

SHA1
536bb714361077b97c78981bbe915a5bf8b4039a

SHA256
ea33ae3b4e6acec9f74b7116e94b656176e7fbc5c0c88d1fbb7bc96d9b99acb5

SHA512
3c485a1dff37a2d5586835759302f263a840eeb0e27866ec6e1d734c54d5122e62e65920aafb0127e1f2e1f6995cc0d602767bb41163856fb9b2690560a59b25

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\help\default\images\is-MQCR6.tmp

Filesize
85KB

MD5
e19c8576c67988c28bd5388087008920

SHA1
61d82910fc8791cdd39361206de2c61af0831fa8

SHA256
5f4bb265aa7c2f63cf77203a5304890ee079c8f6422b201423732954559e8cb6

SHA512
25b64f2e861bde7c38afcb35e1e34ec11c9ad20627a1ba7f5df2df5d71a23b0cf3c536e61b0168b7a41f77f4960a85cfe0bb22238d5cd03fd646fbb1935cb0eb

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\HTTPS\image.jpg

Filesize
43KB

MD5
4e52c3f22d7ceccaee688583c23bdd1c

SHA1
1fa80d2b69babe34b52a9bbde8263329928e6704

SHA256
0977417c56b884add248b67adb91176b4b0ed6c7dd42859b87df9992321713c4

SHA512
36b4d1984c096047bc730b5c2c2a2e5797cd1f6c74e613becb06f7796bf9dff526ce2dd9550c07d0c4fb48a55e0323a854e30701763d9a1c2730eb2f6e2f859f

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\HTTPS\logo.gif

Filesize
689B

MD5
433bf2c66708b90b589f7e704e5d3d36

SHA1
1635a9b6fd442cd77905fd5003350e5d727dd055

SHA256
0b841f1def18f7fae65b40316002f08fe069e33744b4a33f435d20aade13938c

SHA512
9578e646e39053a94d51825bec9fe2bc1b79229729c36f5e6533c4fa753fbef2c459947341c9584d3a0f8c0855562f02df40b7ead7c54bcad4df2c80cfefa3eb

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\01 Networking\Wireless\Cellular\Cell and Wireless Path.pkt

Filesize
38KB

MD5
6f02dcc157b5bf5acc529a0e60fed0fb

SHA1
68d7b681e1befabc017a2b7dec7f5a1aca86e49e

SHA256
83cdc4b4a7fc4bdc9a1fc5ee03f8358e2c97acd35e4532ff001fd340527feaa9

SHA512
9d1df9d9f323ba73ed4f202c94081e25d92437cb8d84c7194e806e14c9b8a2c51d375074923e254a9fb4e976de7c94a63c01307de18996810706f83fc6abe7b6

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\saves\cscoptlogo177x111.jpg

Filesize
7KB

MD5
666d5f57c37f04b561369b27ba0a316a

SHA1
791c30566b1fb93ee87585741ff325bd5b043f93

SHA256
d35a3d1446eb87bd65ffe43f169f87832c4a4f0385358b76ae693a3840e08d26

SHA512
7a70b0fd1236ff031c4b7d789bf25aeb67dc8f7b627657f90737c3637638c251231ea848bdc5f9d4186e81c84b9378e42686891c536fbd00a5c02b46c6105c24

Download Submit
C:\Program Files\Cisco Packet Tracer 8.2.1\templates\environments\Default Container.xml

Filesize
121KB

MD5
b9584e4d580160bc906a426775bb7b36

SHA1
69751a6bfa1286c2a2dbe7e78027abbf37d64409

SHA256
15daa3cbe6d39b1e6bf906a7b9226b8a3f648075d21f8563dd49594553545dcc

SHA512
6bfbb49eacc6323e5064893e774b3fd2b02cf0f05f39bc0f022282479c552c2fd435b45e7f9c2571ba05f7b474b023f9a7ac7068d4a5c28dd161d18e2938535c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QMHL7.tmp\Packet_Tracer821_64bit_setup_signed.tmp

Filesize
3.0MB

MD5
e382c49d56363e2e32cb7ecda842b1e9

SHA1
137020473600513d20b34f391b3645b3255a7d06

SHA256
9d0fcf7251aed24eee3cfedd6ccc8a2ebe349bb1b282e20b2d282e6e588de330

SHA512
17d488a349444508ba958ff57962f00fc71e05fc3eeb24f3fc9fea85d154ae79c13855993b3cb0628f1f268777843f9b1931e6068bc09d40b3cd3bfd29cdb1aa

Download Submit
memory/1292-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1292-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/1292-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4628-3062-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-5170-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-822-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-6-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-11995-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-9-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4628-12937-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download