820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4

General

Target

820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
Size

53KB
MD5

3c47989e072fef3ec39602475f91040a
SHA1

3a371f0ee32fb56f4f56af8179ebcdaebd60c498
SHA256

820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4
SHA512

64573c462998440ae219371bf64692219e5500ab17d1cac0e4f1209b361a0dfd8e30fe7491e012d60030e58f5c899b54f663bb9dd72ea9e6db80c32b5daf0cfc
SSDEEP

1536:vNLg8r8QUGLI37Kp3StjEMjmLM3ztDJWZsXy4JzxPME:mGL2JJjmLM3zRJWZsXy4JN

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Processes:

seikux.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	seikux.exe

Executes dropped EXE 1 IoCs

Processes:

seikux.exe

pid process

2996 seikux.exe

Loads dropped DLL 2 IoCs

Processes:

820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe

pid	process
1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

seikux.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\Run\seikux = "C:\\Users\\Admin\\seikux.exe"	seikux.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

seikux.exe

pid	process
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe
2996	seikux.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exeseikux.exe

pid process

1644 820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
2996 seikux.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exeseikux.exe

description	pid	process	target process
PID 1644 wrote to memory of 2996	1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe	seikux.exe
PID 1644 wrote to memory of 2996	1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe	seikux.exe
PID 1644 wrote to memory of 2996	1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe	seikux.exe
PID 1644 wrote to memory of 2996	1644	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe	seikux.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
PID 2996 wrote to memory of 1644	2996	seikux.exe	820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe

C:\Users\Admin\AppData\Local\Temp\820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe
"C:\Users\Admin\AppData\Local\Temp\820ba76bd225bca9e342d0599eb7d6da2774903256d99bb336cf531d2f52a1d4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644

C:\Users\Admin\seikux.exe
"C:\Users\Admin\seikux.exe"
2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Hide Artifacts

1

T1564

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\seikux.exe

Filesize
53KB

MD5
fe8a7f00dbc1974143c81702b162e8b0

SHA1
02a773c976b03129c21f6e0dd66d49d7d6d0cf7d

SHA256
932f4155078d34ec6f80f4034bfdbd84f2cb60cc361bf8ab529c7ae5718f2566

SHA512
440fb553e1281e2d59aa04a45a31d9b7d4eed91105a46483763fdbf79d1838a41fa289d96ea39ad905ae6ec288a2d629f5908bc6d573943007c94d194e7f9050

Download Submit
memory/1644-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/1644-9-0x0000000003AB0000-0x0000000003AC2000-memory.dmp

Filesize
72KB

Download
memory/1644-15-0x0000000003AB0000-0x0000000003AC2000-memory.dmp

Filesize
72KB

Download
memory/2996-16-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads