a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba

General

Target

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
Size

1.3MB
MD5

4bd411c405dcab0bb9ee8af2a161e879
SHA1

dac76ff37184469aa307110db289bc11d317e13e
SHA256

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba
SHA512

ee7387b1880111e1cf3c2bc082c0048fe3e034ef2c1af5853b5ce283977186e2f3659271c947597d288fa29772f1674040fbbafad6707d591942a3b6ab4d306e
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak9:7rKo4ZwCOnYjVmJPaS

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

description	pid	process	target process
PID 2040 set thread context of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

pid	process
1100	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
1100	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
1100	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
1100	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
1100	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

description	pid	process	target process
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
PID 2040 wrote to memory of 1100	2040	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe	a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe

C:\Users\Admin\AppData\Local\Temp\a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
"C:\Users\Admin\AppData\Local\Temp\a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\Temp\a0f8e1746370e94333976134e362f0931f0e58c86c5b3503ad04e35133218cba.exe
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1100

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1100-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-66-0x000000000044E057-mapping.dmp

Download
memory/1100-68-0x00000000761E1000-0x00000000761E3000-memory.dmp

Filesize
8KB

Download
memory/1100-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-70-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1100-72-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads