ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57

General

Target

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
Size

1.6MB
MD5

4ad492d61b7424f684db292d528b203c
SHA1

266712a8f7f795afbd85164908eab50c857e3edc
SHA256

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57
SHA512

683b1231aa5934cec296a7d6f52e501cf1a68d234cb707f6c85a51999dff7eb3f94ea0e0bbc7ce154e4b91c16f8a641697527a3ea57adf8b1fc6b8a17be4210d
SSDEEP

24576:NzD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYB:n6/ye0PIphrp9Zuvjqa0Uidq

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

description	pid	process	target process
PID 1044 set thread context of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

pid	process
1504	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
1504	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
1504	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
1504	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
1504	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

description	pid	process	target process
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
PID 1044 wrote to memory of 1504	1044	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe	ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe

C:\Users\Admin\AppData\Local\Temp\ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
"C:\Users\Admin\AppData\Local\Temp\ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe
  "C:\Users\Admin\AppData\Local\Temp\ab5aff3a33a9834a03e2a29ab1fb970d674d64f29c5510b3352e414d8e513e57.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1504

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1504-54-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-55-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-57-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-59-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-61-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-63-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-65-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-66-0x000000000045304C-mapping.dmp

Download
memory/1504-68-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download
memory/1504-69-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-70-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-71-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1504-73-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads