e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7v20210410
submitted
16-06-2021 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
Size

157KB
MD5

4b06a9dd4d1e21da9c2810202188a625
SHA1

693e872947ef658cf2cf6215fc1562b5645ec3c4
SHA256

e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275
SHA512

28180fb909f692e9ad00058abf5b8b920bcc44907275151825f570c808ff417d9e501493f1a55ef8f112434ceb70e64cf8214e8fb8018933faa949078908461c

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\2500 = "3"	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 = "3"	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 = "3"	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3"	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2513283230-931923277-594887482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 = "3"	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 1992	1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe	26
PID 1756 wrote to memory of 1992	1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe	26
PID 1756 wrote to memory of 1992	1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe	26
PID 1756 wrote to memory of 1992	1756	e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe	26

C:\Users\Admin\AppData\Local\Temp\e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
"C:\Users\Admin\AppData\Local\Temp\e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe"
1⤵
- Modifies Internet Explorer Protected Mode
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe
  C:\Users\Admin\AppData\Local\Temp\e46ab0a7d7f26c3c867291efdcb9aa6c8785d986a9a58486a8eb29f8c61e3275.exe --vwxyz
  2⤵
  PID:1992

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-59-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download