4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142

Analysis

max time kernel
134s
max time network
155s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 01:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe
Size

460KB
MD5

7124040881976d2566c3cfdbf76cf830
SHA1

a4cda97f0f761820a91d21f78450eb6bdb3c17b2
SHA256

4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142
SHA512

7e393c0bff71f49b201ba0878314352900a4cdbdc8bc3b7fb8a7c2a58ff148ead31ca8b7f5a47c6e5c4f8877c00ea1174c3b37fcaaae2c84d431a0b10c9c9572
SSDEEP

6144:Te1x8OvFt/056aMOQWmqjKYZaHZacAoIDpTuxX+kyaclsmO1oBdjkU+TEH0afB8Z:iv/i6jOQlqLZa5VAAslsmOGZ9S

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2028	mcsmvzpebpmhc.exe

Loads dropped DLL 2 IoCs

pid	Process
1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe
1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	mcsmvzpebpmhc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2028	mcsmvzpebpmhc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2028	mcsmvzpebpmhc.exe
2028	mcsmvzpebpmhc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2028	1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe	28
PID 1780 wrote to memory of 2028	1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe	28
PID 1780 wrote to memory of 2028	1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe	28
PID 1780 wrote to memory of 2028	1780	4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe	28

C:\Users\Admin\AppData\Local\Temp\4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe
"C:\Users\Admin\AppData\Local\Temp\4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe
  "C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
C:\Users\Admin\AppData\Local\Temp\xytfhewdfokl\parent.txt

Filesize
460KB

MD5
7124040881976d2566c3cfdbf76cf830

SHA1
a4cda97f0f761820a91d21f78450eb6bdb3c17b2

SHA256
4ad0055fc1542982a3427db529c86ad8513bb848f07765c07490145586076142

SHA512
7e393c0bff71f49b201ba0878314352900a4cdbdc8bc3b7fb8a7c2a58ff148ead31ca8b7f5a47c6e5c4f8877c00ea1174c3b37fcaaae2c84d431a0b10c9c9572

Download Submit
\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
\Users\Admin\AppData\Local\Temp\xytfhewdfokl\mcsmvzpebpmhc.exe

Filesize
7KB

MD5
47c835c22089e8995742f10696dad5e8

SHA1
f9921459382827b140098c000500f6f8b85c826d

SHA256
f551a071a9f277545deec029df075e90c622dbe33dd55c2f2c274173677058ea

SHA512
2bb6be1ef168f2e71697195b540c26e632a65d4c3d84676746fcc8dcaca3ac3714d949ecc71c5e73bd1444c5e23267d3a5be18b5183f7e93ea00d90affd4e07b

Download Submit
memory/2028-59-0x000007FEF40A0000-0x000007FEF4AC3000-memory.dmp

Filesize
10.1MB

Download
memory/2028-60-0x000007FEF3000000-0x000007FEF4096000-memory.dmp

Filesize
16.6MB

Download
memory/2028-61-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

Filesize
8KB

Download