acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f

Analysis

max time kernel
152s
max time network
142s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 20:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe
Size

454KB
MD5

d5b5b91407237df8b463297b5fa31b76
SHA1

a5099b81223ffe58eb19a8d50066c0622363d448
SHA256

acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f
SHA512

30c30fedb3733a1bb034ea36d91ed075e92215a17f4af94a36ba4e335c24310d9ae23064535ef7ea8b1dc1687baa481d998309a67bdada23a474b9e7fef62683
SSDEEP

12288:C/kviXzdteey0HHgXwr38Eh+Mb86O7rFTHKB+:mdtzjHYwX1bg7Z

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2024	djgmejcgdblwff.exe

Loads dropped DLL 2 IoCs

pid	Process
1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe
1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	djgmejcgdblwff.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2024	djgmejcgdblwff.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2024	djgmejcgdblwff.exe
2024	djgmejcgdblwff.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2024	1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe	27
PID 1900 wrote to memory of 2024	1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe	27
PID 1900 wrote to memory of 2024	1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe	27
PID 1900 wrote to memory of 2024	1900	acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe	27

C:\Users\Admin\AppData\Local\Temp\acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe
"C:\Users\Admin\AppData\Local\Temp\acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe
  "C:\Users\Admin\AppData\Local\Temp\\djgmejcgdblwff.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe

Filesize
11KB

MD5
702cafa129a698906160b1605c354729

SHA1
3166b8b4b9b3123473f449859953587b80649192

SHA256
c16d843b5abe3a481f938abc11d7c79dc99d522ce89ac4089ad2f49f934cd16a

SHA512
b66dcab23eeadc6466174b78fe2840ebc8f26baba5ed24a457dc0614b227315c16c1542ef8b3dd2917e786a6558f1e0f48f0ed2bb4af5a95c8f94127969d6656

Download Submit
C:\Users\Admin\AppData\Local\Temp\parent.txt

Filesize
454KB

MD5
d5b5b91407237df8b463297b5fa31b76

SHA1
a5099b81223ffe58eb19a8d50066c0622363d448

SHA256
acb0e1fbe5e4edb31394bc0b095ac75c0cbcecd1af8ab3566549d8e19415318f

SHA512
30c30fedb3733a1bb034ea36d91ed075e92215a17f4af94a36ba4e335c24310d9ae23064535ef7ea8b1dc1687baa481d998309a67bdada23a474b9e7fef62683

Download Submit
\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe

Filesize
11KB

MD5
702cafa129a698906160b1605c354729

SHA1
3166b8b4b9b3123473f449859953587b80649192

SHA256
c16d843b5abe3a481f938abc11d7c79dc99d522ce89ac4089ad2f49f934cd16a

SHA512
b66dcab23eeadc6466174b78fe2840ebc8f26baba5ed24a457dc0614b227315c16c1542ef8b3dd2917e786a6558f1e0f48f0ed2bb4af5a95c8f94127969d6656

Download Submit
\Users\Admin\AppData\Local\Temp\djgmejcgdblwff.exe

Filesize
11KB

MD5
702cafa129a698906160b1605c354729

SHA1
3166b8b4b9b3123473f449859953587b80649192

SHA256
c16d843b5abe3a481f938abc11d7c79dc99d522ce89ac4089ad2f49f934cd16a

SHA512
b66dcab23eeadc6466174b78fe2840ebc8f26baba5ed24a457dc0614b227315c16c1542ef8b3dd2917e786a6558f1e0f48f0ed2bb4af5a95c8f94127969d6656

Download Submit
memory/2024-58-0x000007FEF39C0000-0x000007FEF43E3000-memory.dmp

Filesize
10.1MB

Download
memory/2024-59-0x000007FEF2920000-0x000007FEF39B6000-memory.dmp

Filesize
16.6MB

Download
memory/2024-61-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download