29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab

Analysis

max time kernel
124s
max time network
127s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22/11/2022, 15:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
Size

1.3MB
MD5

92600d471ffc79c5b559887600053c14
SHA1

00404bb5ab053665b48bf10f6b0f84ed96060b27
SHA256

29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab
SHA512

973cda6e5471c45797fcae3d52e1a77a948f717ae3b7a0e2a3f69d5457a73740c740b2136809214d6435f892591fbe71ee33448104e5b08caabac9ef5f33d23c
SSDEEP

24576:zrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:zrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1492 set thread context of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1708	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
1708	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
1708	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
1708	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
1708	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27
PID 1492 wrote to memory of 1708	1492	29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe	27

C:\Users\Admin\AppData\Local\Temp\29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
"C:\Users\Admin\AppData\Local\Temp\29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\29f3e4ef2238f08b2ef9e1932d72ea1a47e3e545800024887e4633c9681ca4ab.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-68-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1708-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-70-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-71-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1708-73-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download