bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912

Analysis

max time kernel
152s
max time network
140s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe
Size

471KB
MD5

3c79ec99d434de09257316ec0169bca1
SHA1

f308e8c726383539ee3d9d828c960e3dfb3bff3a
SHA256

bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912
SHA512

d94be974cc298e4fac1ce50c81a60479ea7edb91746241553349924d449ab412cc160af362da2ccac6f9341a3af5c2706befd2160ade5c8bf6f420a85d1f8f5f
SSDEEP

6144:E5fYH5EeQRFT7Zoi1jY0Ie++M0vLvsZ2tsR6lRStFaYcr/bK+gGfZBZoKQJrV519:nQR17Zoi1LIeJMsvsrcl0tQRZydVnh

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
748	wgapeuvubjtcez.exe

Loads dropped DLL 2 IoCs

pid	Process
824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe
824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	wgapeuvubjtcez.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	748	wgapeuvubjtcez.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
748	wgapeuvubjtcez.exe
748	wgapeuvubjtcez.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 748	824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe	28
PID 824 wrote to memory of 748	824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe	28
PID 824 wrote to memory of 748	824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe	28
PID 824 wrote to memory of 748	824	bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe	28

C:\Users\Admin\AppData\Local\Temp\bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe
"C:\Users\Admin\AppData\Local\Temp\bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:824
- C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe
  "C:\Users\Admin\AppData\Local\Temp\\wgapeuvubjtcez.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:748

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
471KB

MD5
3c79ec99d434de09257316ec0169bca1

SHA1
f308e8c726383539ee3d9d828c960e3dfb3bff3a

SHA256
bdc51472be31d5f3b0fc9720b70076733cb6a11dd803cd7e1c7fcb6d8e41f912

SHA512
d94be974cc298e4fac1ce50c81a60479ea7edb91746241553349924d449ab412cc160af362da2ccac6f9341a3af5c2706befd2160ade5c8bf6f420a85d1f8f5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
C:\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
\Users\Admin\AppData\Local\Temp\wgapeuvubjtcez.exe

Filesize
19KB

MD5
41b6199415075e5e59f766b80f0de9d0

SHA1
8dee026bd21eb2835a31707300879e3d5c3fdaef

SHA256
9d97f6539209d1482e8510bc40a8bff668e7863adee6ebf51a46e6e912d585b5

SHA512
3f5c38cb855d7319b737f1cafb0b9b51fa93b12a91b8c35cd04e4a816dc2c5e8dc26dc50d0c653ddb037a75e6a560b2cbf618c74e013bf4ea6e90188bf3d4af2

Download Submit
memory/748-59-0x000007FEF4170000-0x000007FEF4B93000-memory.dmp

Filesize
10.1MB

Download
memory/748-60-0x000007FEF30D0000-0x000007FEF4166000-memory.dmp

Filesize
16.6MB

Download
memory/748-62-0x000007FEFC191000-0x000007FEFC193000-memory.dmp

Filesize
8KB

Download