80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d

General

Target

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
Size

1.6MB
MD5

2177212bd7b176dd427cfb8bf9735650
SHA1

2cb6ba2417d727c1c70149c69be34c053dc38226
SHA256

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d
SHA512

76521e44b2c083e7762cb90df7dbee30fd34ec6d3ceb325f36738442d6869191965a908fb7b8ba7f365c564b8c3bbff015ee254d62f2312bc11515d90efed502
SSDEEP

24576:9zD5urNhRWx2Mk4JJQByw7Imlq3g495S0PwbphrpgXXOZuv/rTWeR5j4UwJZQUYo:X6/ye0PIphrp9Zuvjqa0Uidn

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

description	pid	process	target process
PID 1448 set thread context of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

pid	process
316	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
316	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
316	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
316	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
316	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

description	pid	process	target process
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
PID 1448 wrote to memory of 316	1448	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe	80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe

C:\Users\Admin\AppData\Local\Temp\80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
"C:\Users\Admin\AppData\Local\Temp\80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe
  "C:\Users\Admin\AppData\Local\Temp\80db2900e2bb6725ffad9b82b3fd766c29f1fff44a09658f84ddf14e87b62d7d.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:316

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/316-54-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-55-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-57-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-59-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-61-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-63-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-65-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-66-0x000000000045304C-mapping.dmp

Download
memory/316-68-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/316-69-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-70-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/316-72-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads