ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

Analysis

max time kernel
143s
max time network
156s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe
Size

476KB
MD5

89c4bf7297f085059f17b0ba1aa9c28d
SHA1

f745c646fdf028af68934ed508ea59196690c6d6
SHA256

ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f
SHA512

3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9
SSDEEP

12288:st5AZ4CH2jUyobbWxLxKveZt/nNrV7LS8W:5Z4CWonixKverN9ZW

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1368	izsilaivzltjlbd.exe

Loads dropped DLL 2 IoCs

pid	Process
1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe
1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	izsilaivzltjlbd.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1368	izsilaivzltjlbd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1368	izsilaivzltjlbd.exe
1368	izsilaivzltjlbd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1368	1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe	28
PID 1008 wrote to memory of 1368	1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe	28
PID 1008 wrote to memory of 1368	1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe	28
PID 1008 wrote to memory of 1368	1008	ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe	28

C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe
"C:\Users\Admin\AppData\Local\Temp\ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe
  "C:\Users\Admin\AppData\Local\Temp\\izsilaivzltjlbd.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1368

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

Filesize
24KB

MD5
bded699ccef883840badce58f804d7f8

SHA1
24af43a1d9718fe780b5d9ae6827217c0e642adf

SHA256
882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

SHA512
2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

Filesize
24KB

MD5
bded699ccef883840badce58f804d7f8

SHA1
24af43a1d9718fe780b5d9ae6827217c0e642adf

SHA256
882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

SHA512
2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
476KB

MD5
89c4bf7297f085059f17b0ba1aa9c28d

SHA1
f745c646fdf028af68934ed508ea59196690c6d6

SHA256
ab6fe618e09399709a8337cce0fcd8fa233144283681a10d7c7eac475d79c07f

SHA512
3b4e5f9fb6440d8ca00d6c186cf8d8a541705d27b2e2e293c8742a54c531f73d23a6e1bd4a99d9a327b8f71aa95b8887df336c48844d8427946517ca6f3241e9

Download Submit
\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

Filesize
24KB

MD5
bded699ccef883840badce58f804d7f8

SHA1
24af43a1d9718fe780b5d9ae6827217c0e642adf

SHA256
882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

SHA512
2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

Download Submit
\Users\Admin\AppData\Local\Temp\izsilaivzltjlbd.exe

Filesize
24KB

MD5
bded699ccef883840badce58f804d7f8

SHA1
24af43a1d9718fe780b5d9ae6827217c0e642adf

SHA256
882a8bc0d59d5a6b25dd92d301ab47427db727cce84d37b299bc18be14b1ba34

SHA512
2a86aca1ae37bc2c90549112be52f962723d3a0d09257867efe47d3fc5afca418075d38ce30b2185afe2451eac774d2485fd4bd6563d28de11fed41a8f276bd8

Download Submit
memory/1368-59-0x000007FEF3580000-0x000007FEF3FA3000-memory.dmp

Filesize
10.1MB

Download
memory/1368-60-0x000007FEF24E0000-0x000007FEF3576000-memory.dmp

Filesize
16.6MB

Download
memory/1368-62-0x000007FEFB901000-0x000007FEFB903000-memory.dmp

Filesize
8KB

Download