09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462

General

Target

09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
Size

15.4MB
MD5

d5bc7e77b7bd6a74f7d8dafe8776a2ef
SHA1

90f4b8462c6ec5415e8ceedb52363c8d4a6d06ae
SHA256

09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462
SHA512

d25fa2da9335c147cd13c795f58a578943eeb4ab0d9ec9faaf6543239609bb553775740c6a419a6fdcace41e609433f5bd3ecc8964a12be2bd33610492dbd721
SSDEEP

393216:3VhgLN/qpGQLRetqfp9tcIdOAbfLt7WNcyJ7es68G:3VhgR/t4Hrt72cy5ib

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
2428	09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe

C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe
"C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\09314afa7c2288fbc6cea5198ec3c53efd3cef88ba2d5ba104a1bb9e72e57462.exepack.tmp

Filesize
2KB

MD5
21aa48867766e568147b201473fea385

SHA1
dc1850bc71e0fc490dbe20ac13ec2cebc380c485

SHA256
e9385421108ca10bc9947c245758dc796472453dcbd9c7f616e7d5b784208b35

SHA512
efed7e2653261a8394c834ccda42e24251718d2d879c7a5464b5b6462114b9739d79f6885d13a0832345a7c140879a24241be50e2466e706d29bfa6d66abc1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\92348d5b60255c1807404911f08098a8.ini

Filesize
1KB

MD5
5ac58ca75a4642c6a08a93040815daa2

SHA1
3750f3124bab4b762c6b44095be5003ed016742f

SHA256
3dc8438858b9db4fc32a3ad3e69b1be2902e604e8bc36cdb0c216d3f9704779e

SHA512
6c2c5cdd6ba4fd7acd7c83b965874b85219c09a79b3857f20c29d1d33ae309ea04397b5ca2801902261c3e9c50e97d747bb8a027e7b8f1023fe2985c56fbd433

Download Submit
C:\Users\Admin\AppData\Local\Temp\92348d5b60255c1807404911f08098a8A.ini

Filesize
1KB

MD5
6fa3bed462f3f2b1c91e19b2728cba12

SHA1
540316478dd167a3475b4eba12ac10b7d2e6d8cb

SHA256
9922b069690809cfb1d3c1879207b6c39d9dfc7cbcd5b727478cb23f66eda251

SHA512
6333d78e5c638c37e5b2da7f47761351c88544f945d967676c8ff3ab46ffff0a0be4ef65e98ebf3c95f4962fe5ced73fd63362a01e1cfb40362636730f91b9c9

Download Submit
memory/2428-477-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-479-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-56-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-55-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2428-465-0x0000000004050000-0x0000000004060000-memory.dmp

Filesize
64KB

Download
memory/2428-473-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-474-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2428-475-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2428-476-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-54-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-478-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-59-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2428-480-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-482-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-483-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-484-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-485-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-486-0x0000000004050000-0x0000000004060000-memory.dmp

Filesize
64KB

Download
memory/2428-487-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-488-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-489-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2428-492-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download

Analysis

Sharing