d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 10:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Size

1.1MB
MD5

0c3b045b4279a25dd5ac57c3ee94e9d0
SHA1

a481e35cbb12591d23dbd4f6c43b67451b3f91e3
SHA256

d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556
SHA512

7bf377c49d75f19dd6c2fc62b2355f167c82eb7f70c7bb6d5c2bdfd7c2f3026145e5abaf82d00d8276805a8831eaeee7f0a22ff621b34e7f5010d903b7c300b4
SSDEEP

12288:Tols8qbignAIIIaibG6BGUYSyvCnjUD//ZD1fDCkBR6eeb3MJrs3MJrbdiO/:T2NuignAmaibG7UeojULN11BR60rzrcu

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\drivers\etc\hosts	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER_IE\CheckedValue = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_GPU_RENDERING\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER\CheckedValue = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER\UncheckedValue = "no"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "10"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_GPU_RENDERING	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "10"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_SCRIPTURL_MITIGATION\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER\DefaultValue = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "9000"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER_IE\DefaultValue = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AdvancedOptions\BROWSE\SCRIPT_DEBUGGER_IE\UncheckedValue = "no"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\DisableScriptDebuggerIE = "yes"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BLOCK_LMZ_IMG\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe = "1"	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
2016	d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe

C:\Users\Admin\AppData\Local\Temp\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe
"C:\Users\Admin\AppData\Local\Temp\d74c6269494424c453a63afe38b8efdf0f0654498c4005e6745db80f7328d556.exe"
1⤵
- Drops file in Drivers directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2016-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download