ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992

Analysis

max time kernel
150s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
Size

972KB
MD5

ae2ee938660b7567859f95f7a76c1f8d
SHA1

3ff5bf8b629ebd646dcf0e08060a4a1d42357e41
SHA256

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992
SHA512

ae41a712d47048d36ca762354b7426d8b7d0ef501cf69bb18b8d31615846b889779856d7c4ca73583db4f5a049f00936369a6aafdd4fe16f5cfa3ce3d5734db0
SSDEEP

12288:W14J17SKvnXw12FTxUpx3ArVDuBty3jOaKwizJmlm+EfshgshdjH5PhIVM/J59VB:Waxd/wQ+Ar5RjOa92JmQ+Efshgsb

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\GbpGSvc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe"	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

pid	process
1444	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
1444	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
1444	ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe

C:\Users\Admin\AppData\Local\Temp\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe
"C:\Users\Admin\AppData\Local\Temp\ad73e202f5b707c8998c2cbec72a503b0144b1103f32d71a0e4d96f6fec01992.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1444

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1444-56-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1444-57-0x0000000004751000-0x00000000055FD000-memory.dmp

Filesize
14.7MB

Download
memory/1444-58-0x0000000005BC0000-0x0000000005E00000-memory.dmp

Filesize
2.2MB

Download