f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e

Analysis

max time kernel
175s
max time network
200s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe
Size

475KB
MD5

671530cd84dd3a87d305276eb23d36d5
SHA1

da4eaa47832c5412707b4aea08d473a92d703b94
SHA256

f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e
SHA512

3f7cb68e8a0ae394feb19791b01923caefdc45ff7deaf44521b9109d515e69bacfe8aba2b297d1c8b62963743da37a2c345a0681157aae74065e5d41bdb52258
SSDEEP

12288:EQR17Zoi9I6ilkSE9RiTyR79Osvq2aqpU3gBw:pZoifUyssvq2Xpg

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
584	auukrlnmsuov.exe

Loads dropped DLL 2 IoCs

pid	Process
1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe
1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	auukrlnmsuov.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	584	auukrlnmsuov.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
584	auukrlnmsuov.exe
584	auukrlnmsuov.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 584	1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe	28
PID 1672 wrote to memory of 584	1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe	28
PID 1672 wrote to memory of 584	1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe	28
PID 1672 wrote to memory of 584	1672	f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe	28

C:\Users\Admin\AppData\Local\Temp\f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe
"C:\Users\Admin\AppData\Local\Temp\f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\auukrlnmsuov.exe
  "C:\Users\Admin\AppData\Local\Temp\\auukrlnmsuov.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\auukrlnmsuov.exe

Filesize
23KB

MD5
aa11debfeedd9a06ace76db52cb678a2

SHA1
89d507dd84c2adf8ca4dc5dce023a85af4ec25af

SHA256
4ad6d06d6b086602365c4fc2c5bbd1b8f65b252a379e21f3b22fe8dbb8e9aea7

SHA512
4151130b35305b8110f7a0b5b51774532f8599ca4c558d25c49419607e402bc29d8e9cf340e2bdabcfb6c0a3a8352437b0306cb962f7b6104179df02cffe2042

Download Submit
C:\Users\Admin\AppData\Local\Temp\auukrlnmsuov.exe

Filesize
23KB

MD5
aa11debfeedd9a06ace76db52cb678a2

SHA1
89d507dd84c2adf8ca4dc5dce023a85af4ec25af

SHA256
4ad6d06d6b086602365c4fc2c5bbd1b8f65b252a379e21f3b22fe8dbb8e9aea7

SHA512
4151130b35305b8110f7a0b5b51774532f8599ca4c558d25c49419607e402bc29d8e9cf340e2bdabcfb6c0a3a8352437b0306cb962f7b6104179df02cffe2042

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
475KB

MD5
671530cd84dd3a87d305276eb23d36d5

SHA1
da4eaa47832c5412707b4aea08d473a92d703b94

SHA256
f168116bf5d3c831dc129d93da325a82fb6dde3c532115e9a0be5a389fee1f6e

SHA512
3f7cb68e8a0ae394feb19791b01923caefdc45ff7deaf44521b9109d515e69bacfe8aba2b297d1c8b62963743da37a2c345a0681157aae74065e5d41bdb52258

Download Submit
\Users\Admin\AppData\Local\Temp\auukrlnmsuov.exe

Filesize
23KB

MD5
aa11debfeedd9a06ace76db52cb678a2

SHA1
89d507dd84c2adf8ca4dc5dce023a85af4ec25af

SHA256
4ad6d06d6b086602365c4fc2c5bbd1b8f65b252a379e21f3b22fe8dbb8e9aea7

SHA512
4151130b35305b8110f7a0b5b51774532f8599ca4c558d25c49419607e402bc29d8e9cf340e2bdabcfb6c0a3a8352437b0306cb962f7b6104179df02cffe2042

Download Submit
\Users\Admin\AppData\Local\Temp\auukrlnmsuov.exe

Filesize
23KB

MD5
aa11debfeedd9a06ace76db52cb678a2

SHA1
89d507dd84c2adf8ca4dc5dce023a85af4ec25af

SHA256
4ad6d06d6b086602365c4fc2c5bbd1b8f65b252a379e21f3b22fe8dbb8e9aea7

SHA512
4151130b35305b8110f7a0b5b51774532f8599ca4c558d25c49419607e402bc29d8e9cf340e2bdabcfb6c0a3a8352437b0306cb962f7b6104179df02cffe2042

Download Submit
memory/584-59-0x000007FEF40C0000-0x000007FEF4AE3000-memory.dmp

Filesize
10.1MB

Download
memory/584-60-0x000007FEF3020000-0x000007FEF40B6000-memory.dmp

Filesize
16.6MB

Download
memory/584-62-0x000007FEFC421000-0x000007FEFC423000-memory.dmp

Filesize
8KB

Download