198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2022, 08:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Size

32KB
MD5

963b80fd0e024ec9f6419cce18befea6
SHA1

9f1944f5f1c82071bd6bfcec14de3fb3118411bb
SHA256

198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4
SHA512

166f8ca7b8166f82457a371dc6011e1aee05f61846da0dd684c455bcb3f0500a5edfb5ef604b99606faae03dd9fb2c99791e8015408b09c16ba0b74aa5e68018
SSDEEP

384:cMS6T7efLYdOP/vCyEvPScTAYPxDMBxxP1AWnDBVjU4ZXo7Ucgv:cL6TafLEOPmPjTAYp0NTnDBdZXo7UcY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "148"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "148"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "232"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\hao123.com	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "287"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.hao123.com	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "63"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "87"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "161"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "173"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "161"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "292"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "87"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "105"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "287"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "310"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\NumberOfSubdomains = "1"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "87"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "105"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "148"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "232"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "292"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "161"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "232"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "310"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "310"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "63"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "63"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "105"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "173"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "173"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.hao123.com\ = "292"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\hao123.com\Total = "287"	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
4100	198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe

C:\Users\Admin\AppData\Local\Temp\198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe
"C:\Users\Admin\AppData\Local\Temp\198752f52104427f8f84601d4fb606c0b04432e9df2517d3f5b6b3923790acd4.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
PID:4100

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads