4d6538879d361640785635c60c842f1fd02adfb98c6001e9a24df3099e0d089a

Analysis

max time kernel
111s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 08:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
Size

10.8MB
MD5

a41bac0a92629d690e57c6c6bc9d242b
SHA1

b3da913ab3acbcdd569a35a3a5629124e26cd331
SHA256

4d6538879d361640785635c60c842f1fd02adfb98c6001e9a24df3099e0d089a
SHA512

ac70c8e0b0a02139e251651a72ae12f41bcc2d911d88d6f3c8f080529dd59a39e7431c5fb00b3a247d322df354786ae2f2596ec16b5e272317bdeae465654473
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhRhhRQhRWhRfhRFhR+hRV:DAkLRLRrRMRCRpRHRaRV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tB = "c:\\Windows\\System32\\tB.exe"	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wifVtqjv = "c:\\Windows\\System32\\wifVtqjv.exe"	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iBjPN = "c:\\Windows\\System32\\iBjPN.exe"	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\tB.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	\??\c:\Windows\System32\wifVtqjv.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	\??\c:\Windows\System32\iBjPN.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-oob.xrm-ms.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinAgaveCommands.xml	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-24_contrast-white.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Date.targetsize-16_contrast-white.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.82520e7b.pri	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Globalization.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-60_altform-unplated_contrast-white.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupLargeTile.scale-200.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-200.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxBlockMap.xml	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\AppIcon.altform-unplated_targetsize-32.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\avatar_default_large.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-256_altform-unplated.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-96.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-200.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-64_contrast-black.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Cryptography.X509Certificates.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-16_altform-unplated.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ppd.xrm-ms	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\sqmapi.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeMedTile.scale-200.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-100.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-32.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailWideTile.scale-400.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\StudentReport.dotx.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionLargeTile.scale-125.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNewNoteMedTile.scale-400.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.Primitives.resources.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Input.Manipulations.resources.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.exe.config	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\MSOHTMED.EXE.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.resources.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-48_altform-unplated_contrast-white.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\ReachFramework.resources.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\management.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\avatar_group_large.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Place\contrast-white\WideTile.scale-100.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-pl.xrm-ms.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\MedTile.scale-100_contrast-white.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\MedTile.scale-200.png	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-24_contrast-black.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-48.png.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\SystemX86\mfc140u.dll.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Windows Defender\fr-FR\ProtectionManagement.mfl.exe	2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_a41bac0a92629d690e57c6c6bc9d242b_cobalt-strike_ezcob_poet-rat_sliver_snatch.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
11.6MB

MD5
b51872e724d9cae3e6735d0c5243779a

SHA1
85a31270d6026fcdf01f7300032c449a58dfb2b5

SHA256
5db30f20ce1c4dc9a27e5512bc885737bcf987314c2a3a99247ae630e13b3187

SHA512
97c4bb2430311151697e5a2259a94e625998fdb25f1780539114fa6b77f4727bd336da0d3f6e22086bad28cf0e7f4aa4cadace31317aeb3aa0d8730ec617544e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads