d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b

Analysis

max time kernel
225s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe
Size

32KB
MD5

ba2c525cbf427ece9acf3fa51c443706
SHA1

edc8825640692d86bcc7a544739b2fcbef2f9ca6
SHA256

d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b
SHA512

fa7bdd54d3dd4aa879341663ed07b20a028366f1dd96355847573f98e7864c766adadd7b9d1c893ee78c078904bb19ea681c750f2908032f1ee5d08eace6f227
SSDEEP

768:o/O5uVDCF/Yr3lbQFKFflvuyz5dM3mxu9C:sOKruyz5dMWxuY

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1988	d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe
1988	d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe
1988	d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe

C:\Users\Admin\AppData\Local\Temp\d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe
"C:\Users\Admin\AppData\Local\Temp\d0c55a1d5baf7ae7a428b77a38f7e1f254e7e7194e2036fafecb7ecd25bc120b.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1988

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1988-56-0x0000000075831000-0x0000000075833000-memory.dmp

Filesize
8KB

Download
memory/1988-57-0x0000000002B70000-0x0000000003BD2000-memory.dmp

Filesize
16.4MB

Download