388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92

General

Target

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
Size

1.3MB
MD5

272e62c63f66d6003eda456c5b5ba00e
SHA1

f60fc98710e833cc427c41b0326c81d4aca2317a
SHA256

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92
SHA512

c015b6b41d9c3f0562b99973a5463a7ff199eda3c77ecfbae7904b03194feb53805d6a1f12da00b446fd33648be32fd61d20ce646e57ee2086b7d9aa83ec29dc
SSDEEP

24576:rrKqlGCPcJKwybUDwEZZODYmR9G+gnbkk6XRJfe3DqYO/KpLwFfngWX4VmJPak:rrKo4ZwCOnYjVmJPa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

Processes:

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

description	pid	process	target process
PID 684 set thread context of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

pid	process
268	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
268	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
268	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
268	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
268	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

description	pid	process	target process
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
PID 684 wrote to memory of 268	684	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe	388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe

C:\Users\Admin\AppData\Local\Temp\388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
"C:\Users\Admin\AppData\Local\Temp\388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:684

C:\Users\Admin\AppData\Local\Temp\388a2e85e6e5b062f6fb57dc1e7ebf2781f52d93d0ffade13c082f0167c69e92.exe
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:268

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/268-54-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-55-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-57-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-59-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-61-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-63-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-65-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-66-0x000000000044E057-mapping.dmp

Download
memory/268-68-0x00000000757E1000-0x00000000757E3000-memory.dmp

Filesize
8KB

Download
memory/268-69-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-70-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-71-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download
memory/268-73-0x0000000000400000-0x00000000004D9000-memory.dmp

Filesize
868KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads