84e1f44b0f4da8d45c8f29cad5d9a7e8fe382321f76fa1b3e665320ce1031e5d

General

Target

lil Solid Diagnosis SW Global - Ver11.12.00.10.exe
Size

19.1MB
MD5

6745034c03f5e1b121d2322424343fc8
SHA1

563a99b903deb018edd6766be8e08d645791a90e
SHA256

84e1f44b0f4da8d45c8f29cad5d9a7e8fe382321f76fa1b3e665320ce1031e5d
SHA512

8b89be2ddd5e2cf840bd60c433963176be360de469504be15ffb2bb5bbc9ac4679406a0ec245e1fb9b1b6c9fdad09f6cca9f10ed4a008966e64f224a63be05c4
SSDEEP

393216:37yrDqYB+ocV1yJHEux8Gyv6qV4M/sOvcOMdfv/QjtpwPY7ET3G67c:LyrqocV1yJHEK8Gyv6qawvrtKPdG+c

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\C9FEFC763D9548B487696F047ACBA0ABE45C7BC1	lil Solid Diagnosis SW Global - Ver11.12.00.10.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\C9FEFC763D9548B487696F047ACBA0ABE45C7BC1\Blob = 030000000100000014000000c9fefc763d9548b487696f047acba0abe45c7bc1140000000100000014000000a58cfe32cceb0f2cd419c608b80024885dc3c5b7040000000100000010000000b6d2123efcd2cf87c8676df13d48cd300f0000000100000020000000accdaa26caf1877c5a376d1ae7333d52fcaa751be46e1928a551d589914bf5111900000001000000100000002b3d44ff3998123019ba97abc6bba9765c00000001000000040000000008000018000000010000001000000014c3bd3549ee225aece13734ad8ca0b84b0000000100000044000000450032004300360043004200410046003000410046003000380043004600320030003300420041003700340042004600300044003000410042003600440035005f00000020000000010000008f0400003082048b30820373a0030201020210090ee8c5de5bfa62d2ae2ff7097c4857300d06092a864886f70d01010b05003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204732301e170d3137313130323132323432355a170d3237313130323132323432355a305e310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d311d301b0603550403131454686177746520544c532052534120434120473130820122300d06092a864886f70d01010105000382010f003082010a0282010100c639e098f8557ad0b46ffa336d825dcce054035b0ca20e3bd37d1c00ff8fdb700d50df20ad71022fc3610c417817547db4bd3063499ccc7691d1aee561a9e5c6dc16a35b36b869e7c83b3a98e0aceba7b0db0dd8113afa4dbd78c608e9bb580616d01e7b06a290ef45b9df21c462534b09fcc5e3647ca556a43d8be2f14ddfa14d8317a294ae9a138ca4806033365a244e9ea134e2c06290f249d2c03cacee25243b242119e8ef920cacb021d5cba0c4e7a71b81286486f3c3564e8dc21c238699010289adb2a9d3c38e02ea9c4898363c102fcb8caa3f2b3af94c82f88170703bc6dcbeeffb982cde994bb56ad7f17f95585539fe5e8fa8d976607ce6ccc56d0203010001a38201403082013c301d0603551d0e04160414a58cfe32cceb0f2cd419c608b80024885dc3c5b7301f0603551d230418301680144e2254201895e6e36ee60ffafab912ed06178f39300e0603551d0f0101ff040403020186301d0603551d250416301406082b0601050507030106082b0601050507030230120603551d130101ff040830060101ff020100303406082b0601050507010104283026302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d30420603551d1f043b30393037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4469676943657274476c6f62616c526f6f7447322e63726c303d0603551d200436303430320604551d2000302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f435053300d06092a864886f70d01010b05000382010100ba926d0a038b136f6558a44066fee2f61cbfe9657f41ecbfe16c9e0d72805eed5e7aa029ededa788a3cb0c8c24564c25990f5758d3ed8a64e0b574a8fc7755575c0b678f2b430ee3cf7fafe2a30d266104cefc6020fcc2f22fa0839b71730c1f15b6c1ff69e3203faa600f55d0ab3fa16839df9c94ca06ec617299f1dc075b95eb9efd09cf7f584761af0bf91bfc3e2e5487857d1701ce7e985d3173b18b5e0eaa6b224db73970eb3dfeeba41fe615b2e15d5939dae88570d6a87eb44b721f5e91be68bba64ab265850b38f30813b6afae58d554166e8a4c0046d63cb42555e8fa7d97755e6a006a6f67df82a349b770b44d8358408f815c6d51d5c00196895d	lil Solid Diagnosis SW Global - Ver11.12.00.10.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	900	lil Solid Diagnosis SW Global - Ver11.12.00.10.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
900	lil Solid Diagnosis SW Global - Ver11.12.00.10.exe

C:\Users\Admin\AppData\Local\Temp\lil Solid Diagnosis SW Global - Ver11.12.00.10.exe
"C:\Users\Admin\AppData\Local\Temp\lil Solid Diagnosis SW Global - Ver11.12.00.10.exe"
1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/900-0-0x0000000074B6E000-0x0000000074B6F000-memory.dmp

Filesize
4KB

Download
memory/900-1-0x0000000000700000-0x0000000001A1C000-memory.dmp

Filesize
19.1MB

Download
memory/900-2-0x0000000006A60000-0x0000000007004000-memory.dmp

Filesize
5.6MB

Download
memory/900-3-0x00000000063C0000-0x0000000006452000-memory.dmp

Filesize
584KB

Download
memory/900-4-0x0000000006490000-0x000000000649A000-memory.dmp

Filesize
40KB

Download
memory/900-6-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/900-5-0x0000000006860000-0x0000000006A06000-memory.dmp

Filesize
1.6MB

Download
memory/900-7-0x00000000067B0000-0x000000000681E000-memory.dmp

Filesize
440KB

Download
memory/900-8-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/900-9-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/900-10-0x000000000B5B0000-0x000000000B5D8000-memory.dmp

Filesize
160KB

Download
memory/900-19-0x0000000074B6E000-0x0000000074B6F000-memory.dmp

Filesize
4KB

Download
memory/900-20-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/900-21-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download
memory/900-22-0x0000000074B60000-0x0000000075310000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing