afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9

General

Target

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
Size

1.3MB
MD5

84acc33a0467e8641e2cc5d2854e147c
SHA1

e60cafded673db9c4679a08ff14fdd8446a05ba5
SHA256

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9
SHA512

b0f864b4794d09670ebd3069f598165966c3edf405a07351ffcb86fa3127fb28cd8d834ee0d515738058ec7d7f19efa8b30c00eb7ededff45a7870e3030dd2dc
SSDEEP

24576:jrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakp:jrKo4ZwCOnYjVmJPaa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

description	pid	process	target process
PID 956 set thread context of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

pid	process
936	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
936	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
936	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
936	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
936	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

description	pid	process	target process
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
PID 956 wrote to memory of 936	956	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe	afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe

C:\Users\Admin\AppData\Local\Temp\afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
"C:\Users\Admin\AppData\Local\Temp\afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:956

C:\Users\Admin\AppData\Local\Temp\afda4603272788e41c156922f3c68ecf8b4b4bbcd215f3fe87da1216f70fa6f9.exe
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/936-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-66-0x000000000044E057-mapping.dmp

Download
memory/936-68-0x00000000760A1000-0x00000000760A3000-memory.dmp

Filesize
8KB

Download
memory/936-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-70-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-71-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/936-73-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads