98c32b31f3eeb704a524c3792f592f7b02a10be1798e9a18cdf68ce6179c2f0f

Analysis

max time kernel
91s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 23:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-07-06_293bc933705d8a96f550b0a155ce99bf_ngrbot_poet-rat_snatch.exe
Size

9.5MB
MD5

293bc933705d8a96f550b0a155ce99bf
SHA1

75884face5c3ea568092bdd9d3a315cc663621d3
SHA256

98c32b31f3eeb704a524c3792f592f7b02a10be1798e9a18cdf68ce6179c2f0f
SHA512

694fe32a7212ab0757aa77ecfaeac72ddeb316d17a553c36653cee3299075a2b80b8557ab8c2aeea9d081e9e1219c6f09e3e61ec256c724cf22edba36fbb4117
SSDEEP

98304:CUOTeNBOib6AW5OhQwv9C8DPBVuEU1oCR:UeNBOiKw7L6

Score

1^/10

Malware Config

Signatures

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2976	reg.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2976	2268	2024-07-06_293bc933705d8a96f550b0a155ce99bf_ngrbot_poet-rat_snatch.exe	82
PID 2268 wrote to memory of 2976	2268	2024-07-06_293bc933705d8a96f550b0a155ce99bf_ngrbot_poet-rat_snatch.exe	82

C:\Users\Admin\AppData\Local\Temp\2024-07-06_293bc933705d8a96f550b0a155ce99bf_ngrbot_poet-rat_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-06_293bc933705d8a96f550b0a155ce99bf_ngrbot_poet-rat_snatch.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\system32\reg.exe
  reg query HKLM\SYSTEM\ControlSet001\Enum\USBSTOR
  2⤵
  - Modifies registry key
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...