223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422

Analysis

max time kernel
113s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
Size

1.2MB
MD5

929aad1592e3ac502499d2854d435558
SHA1

f344f40fbf7b8774c52c1e050fe9ab8d12e8a7b0
SHA256

223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422
SHA512

4ab2ff06c9d517e35c6f40bf02b2740363b043f85e4961e25c54a81fcff2aff58073e19386c4fab56495fc5c7b671bf9dd8fa596d551b958b4b27a4416540fb0
SSDEEP

12288:kqbVSV5iPddy1pmsh8IsumOmv6/xGYnSpoF5x3PnwJL8a2r4UCk+G1biN/Y892x:kq+EseIPmfv6/xGYR/nYGrzChnT9U

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

Processes:

223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\IESettingSync	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

Processes:

223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://dh.7532.com"	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://dh.7532.com"	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

pid	process
4572	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
4572	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
4572	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
4572	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
4572	223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe

C:\Users\Admin\AppData\Local\Temp\223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe
"C:\Users\Admin\AppData\Local\Temp\223e6240134801af14b691097807391bd91e170dbfcaaf5ec235bffc0d186422.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:4572

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads