87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79

General

Target

87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
Size

14.3MB
MD5

84706e317709f668156e1a64655b8575
SHA1

7f8c6c36499b6968b828cc31fe364a9f36c86cf3
SHA256

87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79
SHA512

df17e7d8470945999ea7001c08ff2851cabfe0671fcad961a54ac0a1c67ca457348a5533a5a456f61065e61f738f615f195bea5cae79a0def6fd94b275155dfd
SSDEEP

196608:vUA2js2wjg2AUa78dy88xotEfi7ZL6hIQq3DGtrDEELswvHDiwr05LHwkfgvJdaG:vSA9jg2k7Z83tYhIXDGjUQhbU1Q

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\M:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\S:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\W:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\Z:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\B:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\E:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\G:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\O:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\R:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\V:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\A:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\I:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\J:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\T:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\X:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\Y:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\H:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\L:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\N:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\P:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\Q:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
File opened (read-only)	\??\U:	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-722410544-1258951091-1992882075-1000\Software\Microsoft\Internet Explorer\Main	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2660	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2660	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
2660	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
2660	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
2660	87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe

C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe
"C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exe"
1⤵
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87358c21080bd105e5e25cc7806fd191b3a098e88d2cac4e14f53eaf4d413f79.exepack.tmp

Filesize
2KB

MD5
a201e42881f69746cbbcfb145e78e79e

SHA1
8a3344bb01bcf4c4c3472e5d69c845664fea1cdd

SHA256
b988461f71b0541e4a9aa0753299ee6eb09034d855b12106cae9964a221c5f6e

SHA512
67e86010a873a42962038fcda91474efe2962023c4187e11f1a1d52dbb9637e144e1681f87a1125e7a681bf593a51a7ec26027f331268c744edf6e59d0e4946f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe23fef1270b1333cb6b8595b486efd1.ini

Filesize
1KB

MD5
bc8b6919c8aa83bfeb099c4db51d452e

SHA1
761949a84009396e2cd846a4062c4282a050dc25

SHA256
3b884f28a5850f0701977b69b2ec372232531f6733852de11f21727853a83aaa

SHA512
f67b4f62a4d0faaa7d7deaeae3f67e224212aee3be2ddbca4d63cfdba5653aec43621aa137596fba49d5ad99a46d7c39b9d1e814dc424f09f5ff695150945c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\fe23fef1270b1333cb6b8595b486efd1A.ini

Filesize
1KB

MD5
0203c4f364e0e7f63d040021caaca02b

SHA1
e7284c3c6f8022e5f5fbd0c4eb6bba3ac9a21205

SHA256
23cedca8efb4bdf2ee0b0992a18d6e8f27ca545f2ec7e43dfab57ab5972b9024

SHA512
f0305adddc833defd8d2c09c88855aa92829f2bf42556e08d9b8d913e7bc95c2cf67866b1a24e9c9c8193e6a6cb7cdbc1a362d13881ffb5b1261bc164aa66805

Download Submit
memory/2660-359-0x000000000BD90000-0x000000000BD92000-memory.dmp

Filesize
8KB

Download
memory/2660-363-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-2-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-1-0x0000000000290000-0x0000000000293000-memory.dmp

Filesize
12KB

Download
memory/2660-336-0x00000000039E0000-0x00000000039F0000-memory.dmp

Filesize
64KB

Download
memory/2660-338-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-339-0x0000000000290000-0x0000000000293000-memory.dmp

Filesize
12KB

Download
memory/2660-358-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2660-360-0x000000000C010000-0x000000000C011000-memory.dmp

Filesize
4KB

Download
memory/2660-0-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-362-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2660-364-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-365-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-366-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-368-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-369-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-370-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-371-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-372-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-373-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-374-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-375-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download
memory/2660-376-0x0000000000400000-0x0000000001EA1000-memory.dmp

Filesize
26.6MB

Download

Analysis

Sharing