44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e

General

Target

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
Size

1.3MB
MD5

df84467e4f5c4d8a2780c3a4c8f7535a
SHA1

95fbfcd97e1f425d321558a5d4f2852a3f87900f
SHA256

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e
SHA512

d08140073f1d9c229cedc523601ec851856c78543387bb18573b21ab3c34b4eda637bf993bb829c9f6e0ef388067b730a39489ad453afd65c531f77c2d1ce188
SSDEEP

24576:7rKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPakJ:7rKo4ZwCOnYjVmJPay

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

description	pid	process	target process
PID 1708 set thread context of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

pid	process
1944	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
1944	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
1944	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
1944	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
1944	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

description	pid	process	target process
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
PID 1708 wrote to memory of 1944	1708	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe	44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe

C:\Users\Admin\AppData\Local\Temp\44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
"C:\Users\Admin\AppData\Local\Temp\44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\44e98bee8e866c310fef6f6f66e5b7879d8c5a26e86a8c69bdf2299d1f09468e.exe
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-66-0x000000000044E057-mapping.dmp

Download
memory/1944-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-68-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/1944-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-70-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-72-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/1944-73-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads