a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f

General

Target

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
Size

1.1MB
MD5

296f390eb34cc053e6c787f209382e91
SHA1

306bd0d215be7e89452c58bcf93ee6ee633629ae
SHA256

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f
SHA512

ab57f16377108f1c5a1eaa57ddf22efe5414e7160af4da1f18aced00a2c3f069f3735e834fb20680787a17b81bc71a2e5b0fa1f51c53063e982ec284db28b4cf
SSDEEP

24576:zjmOztIjpVbUJ44R/DDK2s5mNZRzOUCrA/N3rb:zqAtI704g/D3Tm03P

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

description	pid	process	target process
PID 1492 set thread context of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

pid	process
1740	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
1740	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
1740	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
1740	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
1740	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

description	pid	process	target process
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
PID 1492 wrote to memory of 1740	1492	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe	a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe

C:\Users\Admin\AppData\Local\Temp\a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
"C:\Users\Admin\AppData\Local\Temp\a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\a60f471694bcf97aa602a3865811080d71f05c6e98993e1d098d2cab6db5780f.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-54-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-55-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-57-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-59-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-61-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-63-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-65-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-66-0x000000000044E28C-mapping.dmp

Download
memory/1740-68-0x0000000075001000-0x0000000075003000-memory.dmp

Filesize
8KB

Download
memory/1740-69-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-70-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-71-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/1740-72-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads