4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171

Analysis

max time kernel
48s
max time network
63s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
Size

1.3MB
MD5

5f43d18d2466921be82837bc2a9cff3e
SHA1

979674197ae4b9dea07e237e2722dd8c73a73e7d
SHA256

4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171
SHA512

869c0f998b48369cf624228202d2ac61bc71bce59a18f29077ba7c61912f54b5d13e27271d8ea8584960a13fde33103cf5e368289ec514713ecf34eff4cdffde
SSDEEP

24576:euq2tmafPHRCOfLIRT26ULQX+llih7yzs905h0OsYOl9ooM3hGrBswDNgG:EaHPixOa9puO

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1788 set thread context of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
972	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
972	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
972	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
972	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
972	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28
PID 1788 wrote to memory of 972	1788	4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe	28

C:\Users\Admin\AppData\Local\Temp\4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
"C:\Users\Admin\AppData\Local\Temp\4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Users\Admin\AppData\Local\Temp\4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe
  "C:\Users\Admin\AppData\Local\Temp\4732207be6d1e8b3e207bc7c39c4b29677365cb9a1b8d785ecd5250f2204b171.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:972

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/972-54-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-55-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-57-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-59-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-61-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-63-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-65-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-68-0x00000000754F1000-0x00000000754F3000-memory.dmp

Filesize
8KB

Download
memory/972-69-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-70-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-71-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/972-73-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download