c8047bcdb4f99ab22326d4fe0be83b5d0c9efa6cfd8ae86514518996591bdd71

Analysis

max time kernel
116s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
21/03/2025, 08:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
Size

10.6MB
MD5

d5fd92c71e5498d4d7f9c53cac8dbbe9
SHA1

ea28951af3249fc4781fd60282bbae1c4bc25d26
SHA256

c8047bcdb4f99ab22326d4fe0be83b5d0c9efa6cfd8ae86514518996591bdd71
SHA512

38dcd7a9b7e5cbe2e27dc1a6b6fb3ec656a1b4227329a5560e25aa8f8d6ef6c0d21fd59e2743a9343be78af8adbc3d68f20ee0f8479768e3cc8b20083be6214c
SSDEEP

196608:I+D5q1SGs2yRwtkpqShRBhR3hRbhRhhR/hR5hR8:DAkLRLRxRtRrRJRzR8

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\L = "c:\\Windows\\System32\\L.exe"	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CYfb = "c:\\Windows\\System32\\CYfb.exe"	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UiEvkYSk = "c:\\Windows\\System32\\UiEvkYSk.exe"	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\desktop.ini	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	\??\c:\Windows\System32\L.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	\??\c:\Windows\System32\CYfb.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	\??\c:\Windows\System32\UiEvkYSk.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageSmallTile.scale-100_contrast-white.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Images\thumb_stats_render_sm.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Web.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libkaraoke_plugin.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-30_altform-unplated_contrast-black.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-256_altform-unplated.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-ul-oob.xrm-ms	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_altform-unplated_contrast-white.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\LargeTile.scale-150.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.7_1.7.25531.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\capture\shutter_button.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\MedTile.scale-200.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Error.m4a	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Voices\en-GB\en-GB_female_TTS\prompts_en-GB_TTS.lua	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-20_contrast-white.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\System.ValueTuple.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcr120.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraWideTile.scale-125.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Edit.AppTk.SceneGraph.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Controls.Ribbon.resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.winmd.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.FileUtils.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\LargeTile.scale-125.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Input.Manipulations.resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Common.ShowHelp.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Yahoo-Light.scale-400.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-36_contrast-white.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\SearchPlaceholder-light.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\SplashScreen.scale-150.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-96.png.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-96_contrast-black.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\YourPhone.winmd.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-phn.xrm-ms.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\LiveTile\W4.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.45e00f56.pri	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteLargeTile.scale-400.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-400.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-200.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationCore.resources.dll.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\ExchangeBadge.scale-150.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxBadge.scale-200.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.exe	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-48_altform-unplated_contrast-black.png	2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe

C:\Users\Admin\AppData\Local\Temp\2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2025-03-21_d5fd92c71e5498d4d7f9c53cac8dbbe9_cobalt-strike_poet-rat_sliver_snatch.exe"
1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll.exe

Filesize
11.3MB

MD5
87ea9f319633955e0f16371618a775e2

SHA1
61f5016b24c8444bb1983a4335310af694636cae

SHA256
81ae6e8287db48902d97b4b711b4feab48686c966a65494ffd0538284503be1f

SHA512
a715e02ef5e8f5910a5406eac9f2ebb4b437beef5c7299c742fcced562c34827e9dd0d7a0efd1ccfd54143ff51da670da8f3987568dff8477a162fb0b3d84395

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads