3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a

Analysis

max time kernel
25s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe
Size

84KB
MD5

5a68fd65f41dd8312743e5a93e508b60
SHA1

9a76be8373d798880eff577e8c63f47fdc910f34
SHA256

3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a
SHA512

9a619396c106e7ae259b07cd6db07f3817fe3906d5a2bbfca14d295b55620290988659566397e1baa7863b6f4fcf2e5b8641fef9aa1591dbf2c463a43168c17b
SSDEEP

768:m3ncJu5hBXF2pmiq2V41xNmAFgGyi4XwP13GT9W28z/zMp5xAFiE3s:m3cJu5hBVWq2kN6LXwPVGT9lgA5gs

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1884	1268	WerFault.exe	8

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Display Inline Images = "yes"	3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\SOFTWARE\Microsoft\Internet Explorer\Main	3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
964	3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe
964	3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe

Suspicious use of WriteProcessMemory 1 IoCs

description	pid	Process	procid_target
PID 964 wrote to memory of 1268	964	3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe	8

C:\Users\Admin\AppData\Local\Temp\3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe
"C:\Users\Admin\AppData\Local\Temp\3323507f92efebb034e26d9b1d71d9ad81aabf92f04bd599f83c19033eea418a.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:964

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1268
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1268 -s 656
  2⤵
  - Program crash
  PID:1884

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download