20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09-01-2023 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe
Size

5.0MB
MD5

78a2e38d38e92ba7191724dde0b1d440
SHA1

6c29f879408628e0ff7d543f36195240b4b73f8f
SHA256

20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff
SHA512

4c642079c1bbe0267552f108f458ec9fa222ef044048b27b6d73f4735a16d4276c6d9057e8aa6f0610db1c02164e6911703c5605b2867a9c469102a5e01359c8
SSDEEP

98304:I4Dk4hEE5opVlpNQmwOiPglzA/pk7xT7ySlE4/59L89xhUEndk+rl:3kk/mVtQmVi4lOy1EBTZd7l

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1976	20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe
1976	20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe

C:\Users\Admin\AppData\Local\Temp\20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe
"C:\Users\Admin\AppData\Local\Temp\20b1da3c2f8ac7858846d89788dea969d68a1f8390af86c7a8c7c64b8a36b2ff.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-54-0x00000000762B1000-0x00000000762B3000-memory.dmp

Filesize
8KB

Download