ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a

Analysis

max time kernel
149s
max time network
152s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe
Size

329KB
MD5

2a41d3cac767f87fe2189aefc68e446e
SHA1

3d29f2242a45dfa23356ec67cb82446ba46a3a94
SHA256

ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a
SHA512

cd758fd283f6d0ae59eab988746e0466284f846c76889acee7907d859eb9f1b0abc32a08d59ecae664aaad911c7e8141d713e4c4ad9671fe29404bbc62f7ecb2
SSDEEP

6144:oFSJry9l99YeXc6ChVFvfdXpO8swhfLATHCYm+AKthZnysqDnVNRPwoxYrYBei6t:nY9l9Sxb9fd5O8JxL46+AaDysatwoxYn

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
756	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe
756	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	756	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
756	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe
756	ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe

C:\Users\Admin\AppData\Local\Temp\ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe
"C:\Users\Admin\AppData\Local\Temp\ab9e1dedc5259eb033ea61d175d264d048f95fb11ca83aa1b90a576dc7944c0a.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:756

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dfsF25B.tmp

Filesize
496KB

MD5
101253c625eb493e8370d2620e915146

SHA1
263b79d7e28fbc52223ef817aea7f8b9a060e73c

SHA256
9bab4695daa00369eb8023a872dc1cfbfc25af0ebb2607149e494ef94b332788

SHA512
d1d479545c894c3565df740198a7e31866c0bb563c42a5b040c5670483ee5c18fffcc437643a1a79901bb1c2f255d009f27bae7d944b5e5366b59217db95bb7b

Download Submit
\Users\Admin\AppData\Local\Temp\dfsF25B.tmp

Filesize
496KB

MD5
101253c625eb493e8370d2620e915146

SHA1
263b79d7e28fbc52223ef817aea7f8b9a060e73c

SHA256
9bab4695daa00369eb8023a872dc1cfbfc25af0ebb2607149e494ef94b332788

SHA512
d1d479545c894c3565df740198a7e31866c0bb563c42a5b040c5670483ee5c18fffcc437643a1a79901bb1c2f255d009f27bae7d944b5e5366b59217db95bb7b

Download Submit
memory/756-54-0x0000000000130000-0x0000000000203000-memory.dmp

Filesize
844KB

Download
memory/756-55-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/756-58-0x0000000000590000-0x0000000000612000-memory.dmp

Filesize
520KB

Download
memory/756-59-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-60-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/756-61-0x0000000004257000-0x0000000004268000-memory.dmp

Filesize
68KB

Download
memory/756-62-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/756-63-0x0000000004257000-0x0000000004268000-memory.dmp

Filesize
68KB

Download
memory/756-64-0x000000000C960000-0x000000000D106000-memory.dmp

Filesize
7.6MB

Download