034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5

Analysis

max time kernel
167s
max time network
199s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe
Size

454KB
MD5

cd2184b7d7cd2b0af248b7a9e999b1c2
SHA1

dcddad6f6662142f4ae91b7bc2a685cec5087053
SHA256

034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5
SHA512

670bc8bfe8ebf29b933be9e9a27665e105825bbbd868b8242d59ad64d585e94eff2c421543caf48d1a64581d078b7795017baa39645198700d777c645555e4d5
SSDEEP

6144:wvaqS4IR/kviXzd45seH6zdi69hxMwjPVl0x55TurrU41APIJgU6Xozwdab0BXlu:v/kviXzdcH6N9h/Vl45aPU4EEkdBbu

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
948	iobwnedxjvdevl.exe

Loads dropped DLL 2 IoCs

pid	Process
1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe
1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	iobwnedxjvdevl.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	948	iobwnedxjvdevl.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
948	iobwnedxjvdevl.exe
948	iobwnedxjvdevl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 948	1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe	28
PID 1716 wrote to memory of 948	1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe	28
PID 1716 wrote to memory of 948	1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe	28
PID 1716 wrote to memory of 948	1716	034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe	28

C:\Users\Admin\AppData\Local\Temp\034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe
"C:\Users\Admin\AppData\Local\Temp\034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe
  "C:\Users\Admin\AppData\Local\Temp\\iobwnedxjvdevl.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe

Filesize
11KB

MD5
012c637753ac0d8a386081dfe410b909

SHA1
41fe035f1a2f8bc19ad18d24c1195b13935af362

SHA256
1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

SHA512
ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
454KB

MD5
cd2184b7d7cd2b0af248b7a9e999b1c2

SHA1
dcddad6f6662142f4ae91b7bc2a685cec5087053

SHA256
034035df856375a179c27a90d1f25e473fd7f2703ac87b3cb46bc80877c5e9c5

SHA512
670bc8bfe8ebf29b933be9e9a27665e105825bbbd868b8242d59ad64d585e94eff2c421543caf48d1a64581d078b7795017baa39645198700d777c645555e4d5

Download Submit
\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe

Filesize
11KB

MD5
012c637753ac0d8a386081dfe410b909

SHA1
41fe035f1a2f8bc19ad18d24c1195b13935af362

SHA256
1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

SHA512
ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

Download Submit
\Users\Admin\AppData\Local\Temp\iobwnedxjvdevl.exe

Filesize
11KB

MD5
012c637753ac0d8a386081dfe410b909

SHA1
41fe035f1a2f8bc19ad18d24c1195b13935af362

SHA256
1c8c7c950c32bc85e83cf670781206eb67847e53a818fc761567033e6bcbea17

SHA512
ffe6c77e41e3e3872453cf48dcc73b8c1d232a65ad14d411b29f2224d8acfb7a665d2adc3668cabbc3a670a3f3ca3dc0b752fa18cd7b55d2fcd5fb5fb1721983

Download Submit
memory/948-58-0x000007FEF3EF0000-0x000007FEF4913000-memory.dmp

Filesize
10.1MB

Download
memory/948-59-0x000007FEF2C10000-0x000007FEF3CA6000-memory.dmp

Filesize
16.6MB

Download
memory/948-61-0x000007FEFBB81000-0x000007FEFBB83000-memory.dmp

Filesize
8KB

Download