62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1

General

Target

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Size

5.0MB
MD5

4d18783059031dea15c1ff32f60ea380
SHA1

b370235425ba172a351eb7bd9c3e711029103c62
SHA256

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1
SHA512

eaf09b4b43e24269c38e967c67e1bf83aaa5264e73d0bf6f4d533c55466ab2ecbb9d32549791ced53475d6e29863f8c0fee3821c82bd20c2e82fc0f28a134b53
SSDEEP

98304:0+X5XaVffwHHKoRdqP60SbRQTD4wP7wxJRzDSbRQTD4wP7wxJRz4:z2Uqo5+/z7wxJR6+/z7wxJRE

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Éîº£ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe"	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

Processes:

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

description	pid	process
Token: SeDebugPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 1	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeCreateTokenPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeAssignPrimaryTokenPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeLockMemoryPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeIncreaseQuotaPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeMachineAccountPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeTcbPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeSecurityPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeTakeOwnershipPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeLoadDriverPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeSystemProfilePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeSystemtimePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeProfSingleProcessPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeIncBasePriorityPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeCreatePagefilePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeCreatePermanentPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeBackupPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeRestorePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeShutdownPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeDebugPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeAuditPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeSystemEnvironmentPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeChangeNotifyPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeRemoteShutdownPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeUndockPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeSyncAgentPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeEnableDelegationPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeManageVolumePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeImpersonatePrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: SeCreateGlobalPrivilege	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 31	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 32	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 33	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 34	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 35	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 36	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 37	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 38	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 39	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 40	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 41	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 42	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 43	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 44	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 45	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 46	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 47	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
Token: 48	2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

pid	process
2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
2248	62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe

C:\Users\Admin\AppData\Local\Temp\62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe
"C:\Users\Admin\AppData\Local\Temp\62dcd6e23be41d2f3d5a350d909240714781431b2d8dbffea6d31cd9b4d170d1.exe"
1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2248-3-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/2248-4-0x0000000002B70000-0x0000000002C71000-memory.dmp

Filesize
1.0MB

Download
memory/2248-23-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads