79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034

Analysis

max time kernel
127s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe
Size

97KB
MD5

2c5ba8c178ed9c4849c1ea3b72a80ef2
SHA1

2fb3f0e65e1d3728d8a296a59535606656fd3c0d
SHA256

79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034
SHA512

0a78bba5a2b5bedcc6ef0902e2c69b4154314c44a74a17cb985ff1a7ab67caa98153a37820c786e99bb77b3ac10ec8e6c236d889f951b4d383019faa3b25e302
SSDEEP

1536:8nhrmZcTsaahujJ408CQ5FRoE/ClYpnqisY3Sdt:KhqcTGh0G08vdcuGl

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

pid process

1336 79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

pid	process
1336	79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe
1336	79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe
1336	79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe

C:\Users\Admin\AppData\Local\Temp\79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe
"C:\Users\Admin\AppData\Local\Temp\79f25c335cee72572bc9859390514cebc098fadf2d895ed4c63355c70fd40034.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1336

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1336-54-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/1336-57-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/1336-61-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download