bd75ae822853ffcc0240a9435ef0d498d69f939c08c66baf4152ff81fd2fa038

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 11:58

Target

Plugins/AgentCAD64.dll
Size

192KB
MD5

86035915327ea78abc7661ebbe231b5d
SHA1

870712c0e9aadb4920ad058a80eebb1f8b12fbbc
SHA256

4a5f1a1c20051d3b2e30ecb63731b3391f105bd5532006e6c893c967644f38a0
SHA512

bf3983dd8a422b3f8ed094fcefaaa9db0b63302c8992674dc3a7da4aed2ec029796f1fc1286c099d177a15a9568bdecd42ce5544ee9d11326c2aee83094ed016
SSDEEP

6144:6fQ+S4yXmDDJDbctjjbzKUNLa/ZHzcTiUTBgJpndmD:6fxQSJDbmiUT2Ji

Score

1^/10

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "3"	rundll32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\SoftwareSASGeneration = "0"	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\AgentCAD64.dll,#1
1⤵
- System policy modification
PID:2740

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact