38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914

Analysis

max time kernel
199s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 10:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
Size

3.8MB
MD5

6047f7bfd9af940a5a44ee2de77d7ca5
SHA1

afbe23da97a705cf6297c67fcd4046a236ebad91
SHA256

38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914
SHA512

08740441f88d5ba525a1072656c6c9fd0fadd7e28e60e03ffb8d23f2d9e0264a166d6cd247993f882b8203be65db7d3a61c4c0c5d60e6c050cc6a4b07ca7729c
SSDEEP

49152:k8g7r7WsRnruuF1D02HABbWMVYWEix4Cd+s8KuqGaX0ToIBAUZLYAdFFFVKy/:k779nLI2gBgWElJBAUZLxFFFVKk

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\IESettingSync	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1400	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
1400	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
1400	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
1400	38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe

C:\Users\Admin\AppData\Local\Temp\38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe
"C:\Users\Admin\AppData\Local\Temp\38a531e1c9d1517de6ed0b8112d8ed57fe5cdc65c780ad10201d9c29b8421914.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1400

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1400-132-0x0000000000400000-0x0000000000821000-memory.dmp

Filesize
4.1MB

Download
memory/1400-133-0x0000000000400000-0x0000000000821000-memory.dmp

Filesize
4.1MB

Download