dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe
Size

473KB
MD5

26f69c882d37a84b11125de867ac3e3b
SHA1

a45fee61c2c63688db3d16b56d8d0937fe289c66
SHA256

dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca
SHA512

787e2f3f620cb17bf215c18406cb576dfa6688df79be88e5172c071279f8a4d49c425579078db9d6eb16655f7a660f72fa476c7ad2f3169bc69e7a151511b837
SSDEEP

12288:m1NYSFVu5F+lmkbOIuafvZ33k5yilKW2:mM9+FbOI9xE5ys

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1944	dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe
1944	dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe

C:\Users\Admin\AppData\Local\Temp\dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe
"C:\Users\Admin\AppData\Local\Temp\dbe306d9477ddbe4072b424efedc1b050c3a88fcee69f3bbbc5ba654b806f9ca.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-54-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download