0e06e9585cc9db33ee999ca4de668ab64ef6e9fa928ae6541b2f1ec68ff09da8

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
Size

5.9MB
MD5

f97d9e4da358b905fb068bcc044573be
SHA1

00905551c0db6102a02ae65c7e202b94e987cb86
SHA256

79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00
SHA512

4936ca488024d81f84192b8ab7bec4500eb4ef71d61d3e4862e8b140f9e887120c9d671882ed442cd1d7699fe4c1235ef90172c0d619be720ef24e842fa3cdc8
SSDEEP

49152:7raLTtbKnm4Rqa1Dy1J9EJIaGNxRHxIZuDufzGo4Mrbf460DHVwggVJm4I6pMT63:Pal+FYa1KyJIaGNPRauDo5PA60tA6/i

Score

1^/10

Malware Config

Signatures

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
3116	79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe

C:\Users\Admin\AppData\Local\Temp\79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe
"C:\Users\Admin\AppData\Local\Temp\79fb1d00ef9d85e958a17fd331b23dec507e4f2e2c150fd580d0668b84d29d00.exe"
1⤵
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads