b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/11/2022, 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe
Size

934KB
MD5

4e53b23b1aae4a666cc8393d97f4e678
SHA1

335684c6e8abe3206bc4e7536f892541249eb1eb
SHA256

b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2
SHA512

37eca1e1e47a8ad7f6c23ed79495d10a1d8c9f307b255b3218522a2353cab1fc9bc80a73fd0dc95cc0024e4b11dd6a7b09e6c9ace83b3caba42aaf4e65edbf95
SSDEEP

12288:s7WYXH+V1WLeb2gezZMXQPonJbMNfC36XXOdg9rhTmgY:s7WYeVULc2LyXQ2MpoqXxS

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1212	b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe
1212	b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe

C:\Users\Admin\AppData\Local\Temp\b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe
"C:\Users\Admin\AppData\Local\Temp\b8c83aa0ef08db78a1e919bbd4c9bad2d0266713facccf13a6a3ae13bff292e2.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1212

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download