54db8352f6d19e7ab334d3df3da3a335c201490f265cfbc83f009a4a16937e47

Analysis

max time kernel
133s
max time network
124s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09-07-2023 07:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54db8352f6d19e7ab334d3df3.exe
Size

244KB
MD5

88e12800e87bc9a3f34fe9ef6070299a
SHA1

0898875ef0c079f757f0b45cc34566df13c44070
SHA256

54db8352f6d19e7ab334d3df3da3a335c201490f265cfbc83f009a4a16937e47
SHA512

630e90c68a9d6954ae4658ee97020e2882c88765369046588237bc5a95027f9f932680a693cdc62addaed349237e315d1a52b2b843255c2070a830fa82ecedda
SSDEEP

3072:MFXMiTZOek0drM6a4VsBGcddZ2G3xebtv+xsmz:MFXMiTZxdrpK1vEZd

Score

10^/10

evasion phishing trojan

Malware Config

Signatures

Detected phishing page
phishing

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

54db8352f6d19e7ab334d3df3.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	54db8352f6d19e7ab334d3df3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

54db8352f6d19e7ab334d3df3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main	54db8352f6d19e7ab334d3df3.exe
Key created	\REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	54db8352f6d19e7ab334d3df3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3891603265-141683679-4067940827-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	54db8352f6d19e7ab334d3df3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

54db8352f6d19e7ab334d3df3.exe

pid process

1796 54db8352f6d19e7ab334d3df3.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

54db8352f6d19e7ab334d3df3.exe

description pid process

Token: SeDebugPrivilege 1796 54db8352f6d19e7ab334d3df3.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

54db8352f6d19e7ab334d3df3.exe

pid process

1796 54db8352f6d19e7ab334d3df3.exe
1796 54db8352f6d19e7ab334d3df3.exe
1796 54db8352f6d19e7ab334d3df3.exe

pid	process
1796	54db8352f6d19e7ab334d3df3.exe

description	pid	process
Token: SeDebugPrivilege	1796	54db8352f6d19e7ab334d3df3.exe

pid	process
1796	54db8352f6d19e7ab334d3df3.exe
1796	54db8352f6d19e7ab334d3df3.exe
1796	54db8352f6d19e7ab334d3df3.exe

C:\Users\Admin\AppData\Local\Temp\54db8352f6d19e7ab334d3df3.exe
"C:\Users\Admin\AppData\Local\Temp\54db8352f6d19e7ab334d3df3.exe"
1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1796

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-54-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download