78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61

Analysis

max time kernel
64s
max time network
85s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe
Size

478KB
MD5

346e781b9d0faa76fd9a87f22c4fb4fe
SHA1

c7e767689a680599055c9faaefdaff064e8cb18e
SHA256

78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61
SHA512

5834396a5812b96f002a40e1026e57f1db6fb5f27878bce59a7ac2879aec9e0a10a5b72cd01a3def0aa21e3bebeb5cf0aca71ac711bd126326bee92e7e42ffde
SSDEEP

12288:LroAeNXOsRbfEDHq1jUyE+RW9qEbRCw96jotA:LroBzfEDqlUDX9q2gwQj

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1900	78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe
1900	78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe

C:\Users\Admin\AppData\Local\Temp\78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe
"C:\Users\Admin\AppData\Local\Temp\78ee02a6ae608dee5ec3b906ce8d871459fc5890517bd8bbb226bb267b624a61.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1900

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download