d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505

General

Target

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
Size

1.1MB
MD5

8abb84e85a72f0823e4443c1e2be6e16
SHA1

42baa4307d802113748e6a6643b983614ed1d9a9
SHA256

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505
SHA512

6a87357bf6a0afcf2e772aa2023548cc3a62052533732ab16436d09995ed20a01b0c5b988d96b70c6bd8d38db4386429efa517d6c0df467a4982e300f341619e
SSDEEP

24576:kjmOYKa/TY9ZPFXntEi+m/ZWOLB28TS3985qEeP02wg:kqvkHZt7+mBWABf202f

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

description	pid	process	target process
PID 1220 set thread context of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

pid	process
944	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
944	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
944	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
944	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
944	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

description	pid	process	target process
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
PID 1220 wrote to memory of 944	1220	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe	d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe

C:\Users\Admin\AppData\Local\Temp\d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
"C:\Users\Admin\AppData\Local\Temp\d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\d2ab7d157878ae132cdcdd10a6497cd5412188ab053afe5d04cbf086996d4505.exe
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/944-54-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-55-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-57-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-59-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-61-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-63-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-66-0x000000000044E28C-mapping.dmp

Download
memory/944-65-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-68-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/944-69-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-70-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-71-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download
memory/944-72-0x0000000000400000-0x00000000004ED000-memory.dmp

Filesize
948KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads