dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61

General

Target

dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Size

14.5MB
MD5

9cae22eaa31aee209e7b87b30d794dc1
SHA1

3d3d25b31112c57c461cd86dca13b810d2d074bc
SHA256

dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61
SHA512

0fcb803806754d6c327d70fbd09fa36f21b35db4a0d92daf051079c0a254c3d685984e6724af65001cc0fe4c2428c17e76989818ca671d18e65d0ac2ea6b3491
SSDEEP

196608:QEbzn1yKTsy0LScY2q6mHx96bYPKwrh62OfQybhXldXPGRD1BH/pQMQ75bjMFUv5:Hroxe/HblJk/rfdXUZBHRqxjMu5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\Main	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\84g.com\NumberOfSubdomains = "1"	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "63"	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\84g.com\Total = "63"	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\84g.com	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Key created	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.84g.com	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2969888527-3102471180-2307688834-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.84g.com\ = "63"	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2292	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2292	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
2292	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
2292	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
2292	dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe

C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe
"C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\654022247072d1c03e42e4190083f592.ini

Filesize
1KB

MD5
460edb3be4690a551a2e97a1f026296e

SHA1
6096ed3d0a5e23a3dec5de52550ae80a36169466

SHA256
f330798eaa2c2649f427659b980aa783bc6a4e520439f56ea0aeabd157832899

SHA512
9c8f7fe2206dccadbca13777847e39b421f4a1ca1cec93ba9546699686549b085f527c369990037e775f71526a9ccc21e67139df18316173444a82e66366a076

Download Submit
C:\Users\Admin\AppData\Local\Temp\654022247072d1c03e42e4190083f592A.ini

Filesize
1KB

MD5
cf049b6db1cbb0f698d9783da8ad96a9

SHA1
81ab2ea386088527bd39313d78e3b78dbb2dc08a

SHA256
bfd71ffc559cb943f51319fa86239bae1530ae732312dd3449c703b36904e018

SHA512
97a643553ab27df98873ba6939b24eab0fe68d8be912dcdab56bbeac57f799779d7bea1b0bb82d1c57e28436d6fa537376d0fac46b465ba0fc209befa12a78f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\dc5763f5845e14a6628f57951b42f03373e8fda0fa9b3a11111ba77fb2b85b61.exepack.tmp

Filesize
1KB

MD5
636504ddac5db4edc3904aba1eadccdd

SHA1
fe739b7ce6299a7aa41faf949bdacaf090454c6a

SHA256
b40ac9ab8bb8856e0748e98d09625880494afb2a9af8c4bafb94dfefa7be3acf

SHA512
b01956640134472f6dbf70275d8f9a18040f8400bf23a3b96ed6f41d916ec60a780a999c1120b994b9d5161b18c90a66117af6ab7a274c64804dd591c3cbfa20

Download Submit
memory/2292-450-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-461-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-1-0x00000000002D0000-0x00000000002D3000-memory.dmp

Filesize
12KB

Download
memory/2292-297-0x00000000040D0000-0x00000000040E0000-memory.dmp

Filesize
64KB

Download
memory/2292-357-0x00000000002D0000-0x00000000002D3000-memory.dmp

Filesize
12KB

Download
memory/2292-376-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-379-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2292-404-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-431-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-0-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-460-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-2-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2292-463-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-464-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-465-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-466-0x00000000040D0000-0x00000000040E0000-memory.dmp

Filesize
64KB

Download
memory/2292-467-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-468-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-469-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-470-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-471-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2292-472-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download

Analysis

Sharing