36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
30/08/2023, 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
Size

12.4MB
MD5

3c7bb97a94263af82d85f57f761bfa1d
SHA1

9311093fada905de38fb998467836771e08828ef
SHA256

36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27
SHA512

3327b9c60a43d0ef081c46c18dacf8c863af5fdc9a94a5db19339d9bbdecff2f40d975af14d78e40d867f19c5e1e91fed2f82769f4d0325f09853e3f8b8937a6
SSDEEP

393216:eZNfDZTE6l5+1fVLFa4QIMqA7jheXLVxH3:eZNfi8KLFapFYXLVV3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\Software\Microsoft\Internet Explorer\International\CpMRU	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000\SOFTWARE\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1464	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
1464	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
1464	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
1464	36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe

C:\Users\Admin\AppData\Local\Temp\36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe
"C:\Users\Admin\AppData\Local\Temp\36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\36c047032d1342279cf4600066930f1983b1b735ff3e2c0bdc3c88f55ca16b27.exepack.tmp

Filesize
2KB

MD5
1c32d1cd86f2eb33f1730613524e6cb4

SHA1
24e9162e4db09429f7d1a0c0d028c58e10fdfa09

SHA256
0984d96d444d8f9926796ccd2961bd8cf0b2043e4a5d4e78bdc8b265f18c2ead

SHA512
2dd9a50a2976532f7493dd54d41d3747edc504343434d9972c20e00073c8b0abebbec5aea50bf4fd6358d2e46c3f3918a8f86bc6adf8a4ffeac6299f0e23d9b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\86a6f6010e090ae14f8622568e888006.ini

Filesize
1KB

MD5
4cea1dec509b4e0f13a70fc3b1ccb59b

SHA1
a9a2f8c1395f34247ab7053eb99eecbb471f08ab

SHA256
da68a4bf82b3c416ffb008a1322102d448b51d2bfd65c434dabccbf03b630feb

SHA512
edb62fe181c3252304e6c2faa5532d2df5ed92dca9f81fdedfa83a72b6bc9c9970d1e4148a822e5325eb3c1d6b3db5cb91f23933f0bcfa885680b78596d15edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\86a6f6010e090ae14f8622568e888006A.ini

Filesize
1KB

MD5
13f8ccfecf4064dcc3a2070dfc792b9d

SHA1
fd0b306a59302453c9c7b221d2c5ef5ae998ce2d

SHA256
0894912b3200a44682a09ef304c089374cbe5c614e9dabef5a740b64924e5d76

SHA512
77d0906853c15cf90e454a245f6bef9db4620b88b48b775b3b9e36581fb093ba761a51b399ff11df3db7a4606c635c84a0be467a7204748be154c83a06f28aa0

Download Submit
memory/1464-0-0x0000000000400000-0x0000000001EA2000-memory.dmp

Filesize
26.6MB

Download
memory/1464-1-0x0000000002480000-0x0000000002483000-memory.dmp

Filesize
12KB

Download
memory/1464-2-0x0000000000400000-0x0000000001EA2000-memory.dmp

Filesize
26.6MB

Download
memory/1464-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/1464-345-0x0000000000400000-0x0000000001EA2000-memory.dmp

Filesize
26.6MB

Download
memory/1464-347-0x0000000002480000-0x0000000002483000-memory.dmp

Filesize
12KB

Download
memory/1464-349-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download