3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d

General

Target

3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
Size

15.7MB
MD5

0205a7cd17fc5a301a87caaa7579e1c6
SHA1

aa726e2bd87cebc266be8f8deee41e6393a4e329
SHA256

3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d
SHA512

44395f0d6e18e6ecb194b41de97cd31b1d9b217c9dc2fb7fc29338887685ca5bacc4239b37c491e69908aae090781d23577a1b82814b4a87f3064d082ae160c7
SSDEEP

393216:CxYWfzYZogNhKKUjgxQ84IW6os4baOd0qGDlbGB17JPD6Q:COWLZB8xQ84IW6os4bxdXw0B17db

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2560	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2560	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2560	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2560	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
2560	3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe

C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe
"C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3e16d8a12c79ff6636295744cd1b5e5f743228b8e3789a9791c56667eae0f59d.exepack.tmp

Filesize
2KB

MD5
6b3747ca8078f728fc00dc2796f71fc4

SHA1
bb4b9520301274828143dec26504cd6f37a50cdf

SHA256
fa41dfa196c78b00dec06b3dddab74675c584ba4e67b0e9b28ecf0539a5cd6d5

SHA512
4622a257a09df52b3f9745d58ad94ae32f90f2a97d4e7233dc2a4ae6de09d5e447bcb5eaae36fd3fe976e2515f102b68472db79b25e6f1cc3fde6f82fa2d1fc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\d82710a08b751f3c5867b26592d6f8d8.ini

Filesize
1KB

MD5
0b71fd9a1e78f49edbcf6511b831a4f6

SHA1
d2058875b71ac0dd8b3ee32cf79e536b4bd3ffc5

SHA256
48c6f5e8fe0e915678a7febf3b2b931dcfb9e008aac55e98bed7bbc415a9beb8

SHA512
24357b4db00fb670045eff90e80cab1c2447cd529be41a2576d84bf5fa02e7923bfb7c7305b87168cb0f9c6dad14add83548ceb19220b2e78d599d478fc4fec4

Download Submit
C:\Users\Admin\AppData\Local\Temp\d82710a08b751f3c5867b26592d6f8d8A.ini

Filesize
1KB

MD5
ac8e886c27400682c28817e7e7f13d9d

SHA1
d110cd45973fbb67acd3600609f1c94542c74123

SHA256
49454532373df728137855b74a1dc75b6f8049d6de151b606e526205354e7245

SHA512
e7aa00f450a1fe36cbd407ee1760e19b8a6eb8853dd5afc86d162194ef131282c0f781e94b8deb62ac751ca3a3e31649d0b803aafaeff16ca298c9c60a54f361

Download Submit
memory/2560-431-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-433-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-56-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-55-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2560-425-0x0000000001EA0000-0x0000000001EB0000-memory.dmp

Filesize
64KB

Download
memory/2560-427-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-428-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2560-429-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2560-430-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-54-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-432-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-59-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2560-434-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-438-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-439-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-440-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-441-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-442-0x0000000001EA0000-0x0000000001EB0000-memory.dmp

Filesize
64KB

Download
memory/2560-443-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-444-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-445-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-446-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download
memory/2560-447-0x0000000000400000-0x0000000001DA2000-memory.dmp

Filesize
25.6MB

Download

Analysis

Sharing