896ea2ed07f67a354d35d148952f331243523163dcbbe98fc81f902cef207617

Analysis

max time kernel
3s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 16:42

Target

9992516z.exe
Size

9.4MB
MD5

793570b8e5ab104155782fddd0aa5483
SHA1

e7ebdbf53dea798c097dfd2b4670fa8af4c702ad
SHA256

896ea2ed07f67a354d35d148952f331243523163dcbbe98fc81f902cef207617
SHA512

39962489ff3d4c4d3c006f16e3478134f969d76d8f398d96158e35dab4eda5f37149ffbea37e271e211e87450dcb0ad2b30c2389a54ba86e075be44365ca6f44
SSDEEP

98304:aqJAP6sdngqvC8hz4wXdwXym3SKiWNEbfBCRd9n/:Dsdng6zULleDq/

Score

1^/10

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

pid	Process
2284	reg.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 2284	3180	9992516z.exe	83
PID 3180 wrote to memory of 2284	3180	9992516z.exe	83

C:\Users\Admin\AppData\Local\Temp\9992516z.exe
"C:\Users\Admin\AppData\Local\Temp\9992516z.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Windows\system32\reg.exe
  reg query HKLM\SYSTEM\ControlSet001\Enum\USBSTOR
  2⤵
  - Modifies registry key
  PID:2284

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact