a2bd57f90d3e2339b6bc09641b6aec696ce4f708261f7a58f675e51cea028ebe

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

server.exe
Size

497KB
MD5

02c3aea8f99fe8e347e3f82c87fc6a81
SHA1

9e2ab065bf9c7948f8101e9b730d42be5c3262df
SHA256

a11e9facb1cf28832cb565ff31793640db1989bf710d0391fb81fe428809d144
SHA512

a44af0ae69e6c5c155b55e0fbcf1bf6a3c2b8afe5cd9e68635596a97890aee92594c1de937165922d30cfd544d60e02a8868acf8e6908b93877e3f9ff1efd365
SSDEEP

12288:+oqYCy3py+MLYTSrE8NrY+7G63XqDkwBWKsafOL2+3:+oqYbgrgarY+dXqDN4KsafOL2+3

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\y3k rat pro server = "C:\\Users\\Admin\\AppData\\Local\\Temp\\server.exe"	server.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\TMP32$2.cfg	server.exe
File created	C:\Windows\SysWOW64\TMP32$1.Nil	server.exe

C:\Users\Admin\AppData\Local\Temp\server.exe
"C:\Users\Admin\AppData\Local\Temp\server.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2436-3-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-4-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-5-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-6-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-7-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-8-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-9-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-10-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-11-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-12-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-13-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-14-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-15-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download
memory/2436-16-0x0000000000400000-0x0000000000492000-memory.dmp

Filesize
584KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads