a2bd57f90d3e2339b6bc09641b6aec696ce4f708261f7a58f675e51cea028ebe

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

server - strings.exe
Size

497KB
MD5

a0fe5bfe79fcd7d20144164ff45440af
SHA1

7c0babb19b640b5a047879ce4463ca4871baa1aa
SHA256

91d5376675fbe9fc845b71ea9ffd0fe886c3ecdb1fd8157f8d4dfba64e36064b
SHA512

fcbf36433f07db2673f6f47c71653f20eb78a6269797adc021bc84f440e253f8bc010fdbaeca909fa19c751d4a826a90c1ad62cf76f31c68ccad0a953dd3684b
SSDEEP

12288:+oqYCS3py+MLYTSrE8NrY+7G63XqDkwBWKsafOL2eX:+oqY7grgarY+dXqDN4KsafOL2eX

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\y3k rat pro server = "C:\\Users\\Admin\\AppData\\Local\\Temp\\server - strings.exe"	server - strings.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\TMP32$1.Nil	server - strings.exe
File created	C:\Windows\SysWOW64\TMP32$2.cfg	server - strings.exe

C:\Users\Admin\AppData\Local\Temp\server - strings.exe
"C:\Users\Admin\AppData\Local\Temp\server - strings.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-3-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-4-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-5-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-6-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-7-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-8-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-9-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-10-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-11-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-12-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-13-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-14-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-15-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/1740-16-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads