4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e

Analysis

max time kernel
117s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 12:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Size

24KB
MD5

50ec27be6342c5c05a1afc6b2f9f99f2
SHA1

9e5d3887d6253fa591db2c91a2c42525992ed21c
SHA256

4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e
SHA512

1196cffc561f4d7549a6e337dd4473480db2b41c7055d5d22a8dc0aba61f19eb3f890faa9e658f2c42bf5611d361e3f94526dedae906cebd71509addcce3b744
SSDEEP

384:hbu9BFCsOTWhl0G70pMytIiW5mphOPcsFiak3WnnzSLiw+/2+3/vwVT8RmWDKwwj:oMXy0DjtIiCmph226e+/QIL3S

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4624-132-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4624-135-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\b:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\h:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\o:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\q:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\y:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\a:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\g:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\l:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\m:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\s:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\v:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\x:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\z:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\e:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\f:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\i:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\j:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\k:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\n:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\p:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\r:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\t:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\u:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File opened (read-only)	\??\w:	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HuangZongDanger.ini	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
File created	C:\Windows\HuangZongTongJiMark.ini	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25943"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "26205"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "59766"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "82740"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "82803"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "26189"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "26205"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "56477"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "82740"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "82794"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\International\CpMRU	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "57335"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "21308"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "25971"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "59257"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "59766"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\NumberOfSubdomains = "1"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "26151"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "26741"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "45174"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "49534"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "25971"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "26151"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "56477"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "64645"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "57335"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "57335"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "59257"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "64645"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "82784"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "82806"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "82803"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "64608"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "82784"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "21308"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "49534"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "49534"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "59766"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "82794"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "82803"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "33"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "26189"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "26205"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "33"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "25943"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "25971"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "26151"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "26741"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "82784"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "33"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "45174"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "64608"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "64608"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.2345.com	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "56477"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\2345.com\Total = "59257"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.2345.com\ = "64645"	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4624	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
4624	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4624	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
4624	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
4624	4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe

C:\Users\Admin\AppData\Local\Temp\4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe
"C:\Users\Admin\AppData\Local\Temp\4c7b156c6a6e606a995b8b09099042657bdd42d73b5f989a462fdd66eda74b1e.exe"
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4624-132-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4624-135-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download