1baa512747d56367747004bb318b627ff7fff910c21193863876f7624a95dad4

General

Target

Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe
Size

537KB
MD5

f14f7fde28054629de9143579ef3ea55
SHA1

a119a23f1835765e02386db4e4d76e2ff492f82a
SHA256

ef4184e1c5b1a5bff270c0c1528a58a97fd252fa0a0721f34bef2b95dd60a637
SHA512

dc4f9a81ce816f627ed49f258aa943ae17ba650a0e0d325247e0193e2e501f2441a454188f6a7357cbb33f575e2af92151038fd007b1e4e3bf20b63c2c99ea52
SSDEEP

12288:2RWNcr8oxnXP7r9r/+ppppppppppppppppppppppppppppp0Gu/8IaEaKbdI:NNBIX1qu/8IjbS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376222974"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b1a9cc898dc87942a1553da4f4704428000000000200000000001066000000010000200000006bfe3d94e4edd01b0aa1ef27d60861b98990a5789ef72490aeddc848e6d0a1b4000000000e80000000020000200000007c869125808e9d631b542301fe79710caf35f0e2179a14bf2549a74d66552ef520000000e6e8a9a43b206464c84e9c0577a3e82e236c65ccec89fcac5c51b8b8b07c244640000000520f670b9b8f2563ec45d2e87dc832290e20cf231487096b2f31c71af357159f14f8ce48ae8635ecf52eec78f4b37db81a38ed196397d39ccf09560c9812b1e2	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909d90b78001d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DD6853F1-6D73-11ED-A064-6A6CB2F85B9F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b1a9cc898dc87942a1553da4f470442800000000020000000000106600000001000020000000ad61c88b3f36b97244a7fd96245b01fb71c4685ed8476c305a488f7866e48512000000000e80000000020000200000001d1557feccdc23f4e061eb44310e1afad838dcef85389624c014f61100aa5a7c9000000042a978162c46f3d815f100e82080c6a743f82c99870cc91db1d2900c7a8e29d3843ebf3a486226b9c92959eb1c8794e93ce7f2a787f1e08b0366da1f2f87d13a82dd7c85fbb58e4e56bf9a77a62b48ae9fdea6131e29b08ea4a78c7d547b60ea87600e2efedb4d8134704bd861a3c055b1d95cc2f794c9eeff6fb609e3cf6786e4acefe5ff8bc7b88f858a31099048b440000000fa77c176a5c369f8a5b48217d4de48c963ce405e47405bca7b76e26322ec7cf697d3767a9fe6476a4b4dff72dd4c93c874126db579846efbcf8df7d05b51a8fd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

960 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

960 iexplore.exe
960 iexplore.exe
1756 IEXPLORE.EXE
1756 IEXPLORE.EXE
1756 IEXPLORE.EXE
1756 IEXPLORE.EXE

pid	process
960	iexplore.exe

pid	process
960	iexplore.exe
960	iexplore.exe
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE
1756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exeiexplore.exe

description	pid	process	target process
PID 2036 wrote to memory of 960	2036	Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe	iexplore.exe
PID 2036 wrote to memory of 960	2036	Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe	iexplore.exe
PID 2036 wrote to memory of 960	2036	Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe	iexplore.exe
PID 2036 wrote to memory of 960	2036	Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe	iexplore.exe
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE
PID 960 wrote to memory of 1756	960	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe
"C:\Users\Admin\AppData\Local\Temp\Invoice_N78JHF236B4L5M77M_AX800 Series 4K Ultra HD TV - 65 Class (64.5 Diag.) TC-65AX800U_Panasonic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2036

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\RarSFX0\invoice_Panasonic_ZE3J5S4D.html
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:960

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:960 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\invoice_Panasonic_ZE3J5S4D.html
Filesize
10KB

MD5
0a1f920ccf2d4c113d800159267da2ed

SHA1
50a927f074613bf52edceebbf7d8717818a78d20

SHA256
94252cf5c90b4bc5a3815092dd31376c4ceb10d49ed3bc2a4e4d2e44597c9447

SHA512
282ef229a9d71e88e46b4ada88b2a30dc3a3984931e6460b34a270b69836383b59e53afb2df50fad697c1b195a95f54525c9a76bf5867bf9df0850887ce4d905

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5DH9DYSV.txt
Filesize
604B

MD5
c7d94312962bc2e1d9b4974002ebe9c1

SHA1
03b064cb8855f1df13736135fbb28216f9b7b74b

SHA256
b1c421db05d437ff2811c232c8cc5ca5ce87d1570fe1787f34420d5bc5372f4f

SHA512
22e356f8f4559d5bb5ef56ba662a9dad380ee6e53967727203ab109c91dcdfbe5f1a07ae86679aed48294a0eeecbaeb4bfc2aa065a2cc9a5f66ce5ed15af3c9c

Download Submit
memory/2036-54-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing