a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4

Analysis

max time kernel
155s
max time network
162s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe
Size

697KB
MD5

20b7cf6316fd13fbfea6c89484a1f760
SHA1

2d6f4d5f2b703f285a9ff2e221815f6da9a1d5ac
SHA256

a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4
SHA512

306e8533cfa09e4ba8f03a1cd193ee9ac545d3f04a378804caefa41e5defa79552c559b71d3a4d4c29b2a9e6d0c89abe5c87b75d424b5d4c6ad9e673aec89b28
SSDEEP

12288:brwMz6qwEW6I7icWJE/czSHx2wIY/Q1KGgDU2sa7pkxIPnUsBxKNAndWXrGX0:wMwEWr7Cm/czQxJGgDea7pk2nUWKNNyE

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2004	sxe596A.tmp

Loads dropped DLL 2 IoCs

pid	Process
1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe
1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	sxe596A.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2004	sxe596A.tmp
2004	sxe596A.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27
PID 1044 wrote to memory of 2004	1044	a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe	27

C:\Users\Admin\AppData\Local\Temp\a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe
"C:\Users\Admin\AppData\Local\Temp\a9c3940f167e232dc4619f922dfe7f71327a138621e42085059222bf723772d4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\AppData\Local\Temp\sxe596A.tmp
  "C:\Users\Admin\AppData\Local\Temp\sxe596A.tmp"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\sxe596A.tmp

Filesize
1.3MB

MD5
aebdbc81cacdc10964fbb98ef935d385

SHA1
199721ab9936bd6db39ff86522079dcc77b19b22

SHA256
5ee630dc7fcb5d253cb7381f949e86b3693da8d37fb68e2e94d3b8a088aba0d8

SHA512
3df261c0368b1d5bc2cfec263558d2aae38201278232a252ff82182dff45d9f55422590f89ed3f579a4f36e1d38cef4cde0ace8e0bdf0dca3fa3d8bc61591193

Download Submit
C:\Users\Admin\AppData\Local\Temp\sxe596A.tmp

Filesize
1.3MB

MD5
aebdbc81cacdc10964fbb98ef935d385

SHA1
199721ab9936bd6db39ff86522079dcc77b19b22

SHA256
5ee630dc7fcb5d253cb7381f949e86b3693da8d37fb68e2e94d3b8a088aba0d8

SHA512
3df261c0368b1d5bc2cfec263558d2aae38201278232a252ff82182dff45d9f55422590f89ed3f579a4f36e1d38cef4cde0ace8e0bdf0dca3fa3d8bc61591193

Download Submit
\Users\Admin\AppData\Local\Temp\sxe5929.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
\Users\Admin\AppData\Local\Temp\sxe596A.tmp

Filesize
1.3MB

MD5
aebdbc81cacdc10964fbb98ef935d385

SHA1
199721ab9936bd6db39ff86522079dcc77b19b22

SHA256
5ee630dc7fcb5d253cb7381f949e86b3693da8d37fb68e2e94d3b8a088aba0d8

SHA512
3df261c0368b1d5bc2cfec263558d2aae38201278232a252ff82182dff45d9f55422590f89ed3f579a4f36e1d38cef4cde0ace8e0bdf0dca3fa3d8bc61591193

Download Submit
memory/1044-54-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download