948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225

General

Target

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
Size

1.5MB
MD5

4d0419a6682fc0ab52820e6171380ef1
SHA1

bcd3b17f1ab2e6c02f71a476fbe8d8ed92dedc95
SHA256

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225
SHA512

b300a6b83d82bffda895b827ee769a6e661bd701e7d71234110cf46d125f2e727e958b345899c6ac3ca919260594425e9367caeb51bc6007b59a9cc4d407ef73
SSDEEP

24576:1zD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYQ:P6/ye0PIphrp9Zuvjqa0Uidj

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

description	pid	process	target process
PID 1932 set thread context of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

pid	process
1936	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
1936	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
1936	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
1936	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
1936	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

description	pid	process	target process
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
PID 1932 wrote to memory of 1936	1932	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe	948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe

C:\Users\Admin\AppData\Local\Temp\948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
"C:\Users\Admin\AppData\Local\Temp\948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Users\Admin\AppData\Local\Temp\948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe
  "C:\Users\Admin\AppData\Local\Temp\948309d204cdbb6b33063f57acda71246259a23e2547ba9fee2c640390d05225.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-54-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-55-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-57-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-59-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-61-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-63-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-65-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-66-0x000000000045304C-mapping.dmp

Download
memory/1936-68-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

Filesize
8KB

Download
memory/1936-69-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-70-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/1936-72-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads