4f064bd9f51946198a629ad30029010ac5338f34cb3524d3c1f2ea53d10034a2

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VisionRO Patcher.exe
Size

4.2MB
MD5

fbdfa78608134420cbb317d78ae77559
SHA1

0d3374a121ca2092b6d79e01d785223084743121
SHA256

4f064bd9f51946198a629ad30029010ac5338f34cb3524d3c1f2ea53d10034a2
SHA512

83ec3cffc7b2b3042e71adfb9d3cfd91c4fceea0210cec6c6c4503a414d7c867e02166bb58de4bbdd85f380aa1fb8ff762770be1d9aabb678c15bc1aa0f9987d
SSDEEP

49152:LY6Me5IyWwCLP1ckpkSN5qor7t4JqjQTcGhH7iTElT0dzAuWiwF8M9sY6v+2HwPZ:06MvtbdcaFBk3TcGQdDWiwF8C6v+P0u1

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\desktop.ini	VisionRO Patcher.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\desktop.ini	VisionRO Patcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main	VisionRO Patcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	VisionRO Patcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1563773381-2037468142-1146002597-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	VisionRO Patcher.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1048	VisionRO Patcher.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1048	VisionRO Patcher.exe
1048	VisionRO Patcher.exe

C:\Users\Admin\AppData\Local\Temp\VisionRO Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\VisionRO Patcher.exe"
1⤵
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1048

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\System\itemInfo_EN.lub

Filesize
7.3MB

MD5
7a6c94cbfa2505d052272f5734fc7609

SHA1
32515012e40790b247748b2cf71729e103692727

SHA256
1fddaebeffe2ae870df45f5e431d6622ebb80f72b58eaab79332967a6dd7293f

SHA512
ecba63b90a9d1ce83eb189d28e2b56253c095da5efbe9d5c50b81a112d417507b623227e74e95267a076a9b988d0b8d35fc1eb6fcd9f9db6f15b8a75ba1065ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\desktop.ini

Filesize
114B

MD5
5e0f0213dcdfa7239e97f3a420ec90aa

SHA1
498c03b2b0da99b123aecf938d3706299a072846

SHA256
b397593dfc5b783bfd64b605f7ef6447c69ffd70bb57cc9f90016f01a1ab8fa0

SHA512
e61a0ad79d83b38cb243453275e70d60908fc0dae4874299e9d83384c4736286abb5969ab4763fda82e09b8fc9fd01ebde271ff6a5a7d12ef73334b0bbe08552

Download Submit
memory/1048-90-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-55-0x0000000003440000-0x0000000003480000-memory.dmp

Filesize
256KB

Download
memory/1048-89-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-54-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1048-119-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-120-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-121-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-136-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-71-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-88-0x0000000003440000-0x0000000003480000-memory.dmp

Filesize
256KB

Download
memory/1048-164-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-165-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-166-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-167-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-168-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-169-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-170-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/1048-171-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download