532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8

Analysis

max time kernel
145s
max time network
101s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_FileViewPro_2022.exe
Size

1.3MB
MD5

5cb079f8ec885592c5538dbe0362d593
SHA1

a5702ea5dfd73c619ad2625e645b93e0a39b1451
SHA256

532a7d66259842f4a710ea7bc6dc48547de371bb69fc842f53934876e787efb8
SHA512

8787a51f3e7eacfd5f507abdfacd58aef34a704d01f84c05ec8074cb77318d3b14223ff2ca3da399633ef82d3529266bcf3bb174bf746450697117915641fb90
SSDEEP

24576:Ch6SVFzDl6eZmL4v9IoYOlrQ14T1+G05hKwzlXX8l8whkwBY2/+WLHkOU:q6UXtvDz85hK8XM8rcY/OU

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

Setup_FileViewPro_2022.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	Setup_FileViewPro_2022.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

Setup_FileViewPro_2022.exe

pid	process
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe
520	Setup_FileViewPro_2022.exe

C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_FileViewPro_2022.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xc4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{3FF5DC47-2E16-49B2-8FAF-245E0FAEC606}\resources.1.0.0.34s

Filesize
1.6MB

MD5
69f6bd60e75da2976f13ade5ed823784

SHA1
e3232ac96f46df123f2267e8fea21c71ab996262

SHA256
61a18769e8395633fedf85d603f4a9f5682a166c4ca821669c71e19eedd37a6b

SHA512
49ca9f7ac29c1f5f0fb0003ac96af608815eb5d6be5616bbfde7da976741c8ebc0a3bdcf111af1739420d3eaedc849548a2f29d3d4e654620ae715af75a1c767

Download Submit
C:\Users\Admin\Downloads\AddImport.pptx

Filesize
1.4MB

MD5
bcc5922f33590956321f89d39c543c1a

SHA1
1d62cf52a8704395ff0c61d516daa3b121397037

SHA256
a7366cdaff9089640125e426e5460ef207f3b48e28fec5b98c4df8af656808a0

SHA512
312e540691a8ec5357873574b568e98064a3ee9fb7f1bea3de01f9307be200f7ba2ab0b19b0ca2563aa65a86712425e8b7e73ca339b87432ed94c3ff1995f251

Download Submit
C:\Users\Admin\Downloads\BlockExit.pptx

Filesize
485KB

MD5
b9ae6a9cce2efc30c6315df56493ba2c

SHA1
63d0fd48f5e25380f7ee54907c12c11265daf526

SHA256
a695b84bd2ceca87577edbdb60016835967879ad70ec3ccfe7bad992785bbc4f

SHA512
54c83c154bd35ac0dd35f6e6fd7c07a7b8aea15449d284b0acb6bf11aab0bc6ad81276c5e5e237332aa68284dbe0712e337a0f4dbbb722af50942f9e573eab8e

Download Submit
C:\Users\Admin\Downloads\CompareDisable.dot

Filesize
643KB

MD5
100f7d14721098bf6d2153531ade0b7a

SHA1
a8cfeaeb1738f47118dfca7aaf0379e5cc308584

SHA256
6748edd418b93c111742edda4fe7b027f65c5c1a081f8c6e8ea90e062d133368

SHA512
bde094240375920f7087f9d861b4744da707531b3613be64b3fd2e5bd2abeab1258c21dc3702ce271b79c2dcbede80d565868652dcf9a7eb16f7d741ce4e6285

Download Submit
C:\Users\Admin\Downloads\ConnectApprove.ini

Filesize
688KB

MD5
deddc4a028b933fdb9cc8afb6ce00df1

SHA1
ed4e267e9f04f3c5e159c919f9028660e895748e

SHA256
04d8919fceedce6dd6063c7ec1380034bf7d05c16858c4a95f81c42806611953

SHA512
0438e9c20cfb8e7d9d66b9bed18ee7603d0ecd1ece67a041ab3545666b97a6c97cbca1db7981d725c62b31a23a29f5c573dec6fed0b54889909610fe943e2f8e

Download Submit
C:\Users\Admin\Downloads\ConvertFromStep.fon

Filesize
733KB

MD5
48ad94ab86657439e6b32ab27c7784c4

SHA1
64627219fee7aff3a2b6b6b3483c7280509df26a

SHA256
972b98201a477d16c9b2282954d593f8c9747cd15ada0a22553d30f02cd4f78d

SHA512
3bad07045c2a9d5cfa913e64dd1a67b7ab7c16a2ae8a4df211ea4839635b7bbc02a69698ddab43019e0b2ebcc34d5fa81765139e65654565fe86bd6a91a1e548

Download Submit
C:\Users\Admin\Downloads\DebugEdit.docx

Filesize
981KB

MD5
f58ea1a8eb4051d7a0cfcdae7bae6f55

SHA1
2cf4d707d851e9fd3e0d6fbec8baa91ccd11ce77

SHA256
9928608a9e58de4be8614db777557268c150719667dbad7e7a199528a5f97ff2

SHA512
7ef034b930857780d4f9d13e8a1f87168dceb4f3cce4b96d6bdb33e3a41fa97170ea019868982663ede96ca06ea007d99858cd21159beebf25c6f9e9890f1601

Download Submit
C:\Users\Admin\Downloads\DismountNew.mp4v

Filesize
959KB

MD5
74a38603f5d6c6e2ce54d8aa7dc7b21d

SHA1
8a698b528a4cd1c29bac88247118bdb412c33a1a

SHA256
03b53d559cc29ad5c3d6932f81a3bbba6c54c2f7e1dff7edcc2bf68d3b9d088b

SHA512
c9b6d750c2278721dd66e748d4370ae541a94ec035965bc51ef5253ee99b854cbd92d128e362377f57a3265c7bbca582c22e38b9b9c989f56c807e51f2183aca

Download Submit
C:\Users\Admin\Downloads\DismountRepair.TS

Filesize
868KB

MD5
c4d4bc1151e9af64df4c7a267f08409c

SHA1
d76c5de3adcbe75ae90bb04a64c3bab117b4c743

SHA256
6f2a19afe29bd177bce2661ebe4d4461dad32b8019cf2ba7d43d09a15d8ef235

SHA512
0f739114192649b683cf1e2fcaaa812d98e142d9bca9855d32022886675b218bea6b61b040db6614b446595c849080dcee26bf4f6051a0a7bc04ea43ff4a1e98

Download Submit
C:\Users\Admin\Downloads\ExitRemove.gif

Filesize
1004KB

MD5
5cceaf22ab749abf7c3c95e841c44d87

SHA1
87180ca74d1c854845e728444c7b299ffe74c984

SHA256
39cf08a77a078719195f463df420b273bde8b5b2fd63340194f981d7384c0103

SHA512
fe3466ff024bc0bfd657052d551e39ffd4d4b1934cb1a2dda6c4d821970574f2ec09b62e2b61f3b4c936662eb8f70cc1d476624f3bfb8278d1794fb49480d177

Download Submit
C:\Users\Admin\Downloads\ExpandRegister.MOD

Filesize
1.0MB

MD5
a01c3c078bc3f7321db5de74029d2eec

SHA1
5a62c13f807436ec15fea7f5b383480847d2a230

SHA256
23c233ca4419f69d8b7bb3022b26bf00450095e3de7f9877f46a06ea8e3f758f

SHA512
d93b780270007278bffc41649ae5b2937bd264dd1e99ed34979c033d2cd8e80647d4b114ad1fb7a5318d89e25b21f0478a4ce7458af0e0113195bd66230f5849

Download Submit
C:\Users\Admin\Downloads\GrantFind.dib

Filesize
891KB

MD5
76088535baaed81ee28bd3c5b8f8f210

SHA1
6a68754f5bbe52a8e8084b2c996ad1860f290640

SHA256
5f0ed7b9521b1a9a4048d51ea8129940295fa4ee13f1afcddf6087e7fd36f049

SHA512
4f32d7312a5abcbc94c2931a7ee5a7c4b7e4ab2813d8cc8d98838ed9be957b0bad8c50ae247374f3e931771d44e170e5606d8e791952454cf352e409f4ea5a21

Download Submit
C:\Users\Admin\Downloads\MoveWait.raw

Filesize
620KB

MD5
b783fe605cdbecbb8de9080a6aa067b9

SHA1
3e8616508f86f084ee9940eb86e13bff598edc57

SHA256
7171463371c95e2bc20ade6868562b06c44f3ef41b759e3ca98172395e295c47

SHA512
22a7fc81b2345cacf77a983bd16f7d66e89585fe5cb7e59510017575a11a93715eb7d27964c4f370622830d112ca8f91df8f8fe4d982d146d9736461b22b846d

Download Submit
C:\Users\Admin\Downloads\OpenRequest.pps

Filesize
440KB

MD5
4312b016113a83bcf219ff334fef3d40

SHA1
2191b799f9e4df5ff19856897a11b040b8ff95cf

SHA256
fc23a211403bc4e5dac43a214402371d756bebfbbec914dc426a4ca98b0db109

SHA512
7696e0c40e63602c62a54d07ced4e4639a10f190657e2d992391b821110feef1ceec3fe4b674d2e06e60b2231655facd785bdab5fecb3ebca4fafa78c908e90c

Download Submit
C:\Users\Admin\Downloads\PopJoin.cab

Filesize
801KB

MD5
6242d4c74ee71bcf5f483bad6ec53c29

SHA1
83376f91367d69ef55499987417d7c09129de7e4

SHA256
f42171bb1635a529ecd8ffe6a6c40307aeb91737f48e34e232fd34e4e0decd9f

SHA512
69a4eb02381ce412d32537ef9fc88646688421ad6f17ffa42b384742af28d1776136c1e66a580222e07a385e9aada0268768d8bbc2fb9b812a4e1a3a7930f5fc

Download Submit
C:\Users\Admin\Downloads\ProtectRead.avi

Filesize
552KB

MD5
cc3eeb2bb3368285708a4297a523e0b1

SHA1
ae2def4405910ab15d86bd8f65072a88d025074d

SHA256
183688b106ae415299df1dc9ac94c7e6ddf06f0dd23b8bb9362dbec76717dced

SHA512
2d1b6fb0d2b787e7d3b51ece0f5cd46b05c7c2e32981c3f9aca33c357cf3188e126e66e6982579b9d9dd9187aa38906cada518f143f88fab5772194b8b65381f

Download Submit
C:\Users\Admin\Downloads\PublishConvert.rtf

Filesize
530KB

MD5
16c50f751a34c41b77b2b46588650bbe

SHA1
89d8b615405ca1e8ab16d8e8a567e57adb61526e

SHA256
f4e60e24eeac1ddd08876943d1f91e2b4999947976869ab7584afe6b4365c984

SHA512
d7efbf7faf297cbf6707f36b94fc6d4693ada24d435f4eca602b6b4c4617accf7aa1f5fe7bb06fa82750081038a5c11fc130d64df253af68789f734192c9489b

Download Submit
C:\Users\Admin\Downloads\PublishRepair.temp

Filesize
507KB

MD5
3a817e66908e571f099467fd4ccea09c

SHA1
70a5d6372f1508bb486a0475948591a3f2a977da

SHA256
d5f9e7719abfb80a1d9d85dd9ca2ecd969d8656ed0b57a50f33ab361fd01e8c9

SHA512
4ea737235a0a5bde8e852c6a4bcd045e6fc0dce4c6b5b0399052d385be5844a363c61a2dd2996bbb5c0df1c49a4b210f5675791c3aecaeda847dc6f4389c71c1

Download Submit