304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7

Analysis

max time kernel
41s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe
Size

7.8MB
MD5

a8d2b0f3844e35cf39908d913fb7c67e
SHA1

dc448b89c9e290f903e1cae977711dbe8738402a
SHA256

304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7
SHA512

1f044e9fbb0f1832eff4a235c366aabdf16bc033c732f79947cf8b87c6996c0e59bf0dd4d23f7f6366d2f39f3d8abbb55360e35d40e086cde5b8160cc3c3bbe2
SSDEEP

196608:95xrFBxBqk1nsN6BMaao0PuQC38qFFlUDRGPn:9brFBxBq+sN6/ao0PuQCJlsYn

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1440	304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe
1440	304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe

C:\Users\Admin\AppData\Local\Temp\304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe
"C:\Users\Admin\AppData\Local\Temp\304b9bd2e6f547b93207eccfb2d8dff1b3c26d73d6b944af0c1ed76f7f7064a7.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1440

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1440-54-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download