4f064bd9f51946198a629ad30029010ac5338f34cb3524d3c1f2ea53d10034a2

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VisionRO Patcher.exe
Size

4.2MB
MD5

fbdfa78608134420cbb317d78ae77559
SHA1

0d3374a121ca2092b6d79e01d785223084743121
SHA256

4f064bd9f51946198a629ad30029010ac5338f34cb3524d3c1f2ea53d10034a2
SHA512

83ec3cffc7b2b3042e71adfb9d3cfd91c4fceea0210cec6c6c4503a414d7c867e02166bb58de4bbdd85f380aa1fb8ff762770be1d9aabb678c15bc1aa0f9987d
SSDEEP

49152:LY6Me5IyWwCLP1ckpkSN5qor7t4JqjQTcGhH7iTElT0dzAuWiwF8M9sY6v+2HwPZ:06MvtbdcaFBk3TcGQdDWiwF8C6v+P0u1

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\desktop.ini	VisionRO Patcher.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\desktop.ini	VisionRO Patcher.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	VisionRO Patcher.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	VisionRO Patcher.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\IESettingSync	VisionRO Patcher.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	VisionRO Patcher.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3944	VisionRO Patcher.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3944	VisionRO Patcher.exe
3944	VisionRO Patcher.exe

C:\Users\Admin\AppData\Local\Temp\VisionRO Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\VisionRO Patcher.exe"
1⤵
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3944

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\System\itemInfo_EN.lub

Filesize
7.3MB

MD5
f063e84882bdf08c71f817673143d697

SHA1
91bda8ef47cfeb6a687b144f1cd0eec2ea3c9df0

SHA256
f1b254eee7c53ff95d16f9a0bacfccd8acf71fd7b1c0221204706058536a5d59

SHA512
aace4a4d059dbd78f31dafb66a55f0f510eea322047cc8da707613b9a18b148341e92a64208da5acc9717a3f91f95b5c78514414fc4dd0e7bdb232b62553c1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\desktop.ini

Filesize
114B

MD5
5e0f0213dcdfa7239e97f3a420ec90aa

SHA1
498c03b2b0da99b123aecf938d3706299a072846

SHA256
b397593dfc5b783bfd64b605f7ef6447c69ffd70bb57cc9f90016f01a1ab8fa0

SHA512
e61a0ad79d83b38cb243453275e70d60908fc0dae4874299e9d83384c4736286abb5969ab4763fda82e09b8fc9fd01ebde271ff6a5a7d12ef73334b0bbe08552

Download Submit
memory/3944-196-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-197-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-154-0x0000000002EC0000-0x0000000002F00000-memory.dmp

Filesize
256KB

Download
memory/3944-163-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-164-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-165-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-166-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-177-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-133-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3944-146-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/3944-136-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-134-0x0000000002EC0000-0x0000000002F00000-memory.dmp

Filesize
256KB

Download
memory/3944-239-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-240-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-241-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-242-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-243-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download
memory/3944-244-0x0000000000400000-0x0000000000877000-memory.dmp

Filesize
4.5MB

Download