53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0

General

Target

53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
Size

14.9MB
MD5

5af000c5f71d6acb03b2650f066770a4
SHA1

31c5271b5eb574d22e650069d28477e26f057b02
SHA256

53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0
SHA512

3bbd6226fbdc8692c8e63def4cf1d520e8eae3e9275386a1a26168334e43da95693ce3b7f522b899df716d9759625f2334356ba08bcae8eefc331be75f87680f
SSDEEP

393216:kCJ/cmvfLvZyS5UngknZPwW8XsIUmKoMNb/5:kDkyGmgknuBXvUmfgF

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Internet Explorer\Main	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2068	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2068	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
2068	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
2068	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
2068	53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe

C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe
"C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\148032480f281c5ee031e721f60a6356.ini

Filesize
1KB

MD5
4d698dfd5c63e444c60b9b497ddc6995

SHA1
5a7bdb2fdedae51f02c50398ce0a6e2c66b67ae1

SHA256
35bdae8c308ca05f5f3eda76bcbc0162c4f272a27859abbc28669e5c81bf3452

SHA512
d7a4a0b9b596ee7816d92749903441e2a7dbf48f1c84227f59c0f054846efba6357a68a4a80579cb8d201f1b6d3395542cdf46465c83c19670fad98661328ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\148032480f281c5ee031e721f60a6356A.ini

Filesize
1KB

MD5
e851b321aca4e8a32baa8711b1ab0acf

SHA1
2041d2e2138caeb3f899d8c815e57c16c7fad6be

SHA256
ee8a08b70a8a3a185f1d03036c1ec2b0aac6da028b70d145a7aadd93544e409d

SHA512
7fa3414e543677c171806708bb031ca804d49f3b9666d33a7ebc607db58ee078195421ea33f2501b5e141a494ffd00fa0554a794e4e25bf6aa3179547249714f

Download Submit
C:\Users\Admin\AppData\Local\Temp\53db23043dad0783c69e001093bfcd01eba35376cae95c78bf31a4652ce0ddd0.exepack.tmp

Filesize
2KB

MD5
5b13e76a693e82c4533e259e1d7a0d71

SHA1
ba7dda9141745e77fecf98333b222ef981d9d370

SHA256
008ff79a38c66bbf8e6cdde89742fe3dd36291d81211b453a762c534c25454e2

SHA512
cd418e3eed43cee67f98acb8dbe7dad150e1896490e81fdf7ae855b0ce5ca3326c5f14e0ae138469b5dc9da1133729fc1817337658f376c63dc7368d82aec74c

Download Submit
memory/2068-350-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-352-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-2-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-1-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/2068-344-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download
memory/2068-346-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-347-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/2068-348-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2068-349-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-0-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-351-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2068-353-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-357-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-358-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-359-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-360-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-361-0x0000000002600000-0x0000000002610000-memory.dmp

Filesize
64KB

Download
memory/2068-362-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-363-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-364-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download
memory/2068-365-0x0000000000400000-0x0000000001EBA000-memory.dmp

Filesize
26.7MB

Download

Analysis

Sharing