6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c

General

Target

6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe
Size

14.4MB
MD5

6916443d03b1a26f34af7b2fe75a3356
SHA1

90be351e8ff8f703c423694e748941088daa61b2
SHA256

6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c
SHA512

ebae6e0846cc862a6663b5de1fa8299d00c1aca970031429b8f57f7e313721a075a75ad0f126b8c9d52cd57579f20929777406abe6fc9e1baf25c7fd9a8e8d02
SSDEEP

393216:j9aa/4dA5hRBC4lagmPRwZlHFIUMJ0JQCp4KhLB1:pB4dUHBTjmPRglGUM+/X1

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Main	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe
2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe
2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe
2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1472	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	28
PID 2028 wrote to memory of 1472	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	28
PID 2028 wrote to memory of 1472	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	28
PID 2028 wrote to memory of 1472	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	28
PID 2028 wrote to memory of 2864	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	31
PID 2028 wrote to memory of 2864	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	31
PID 2028 wrote to memory of 2864	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	31
PID 2028 wrote to memory of 2864	2028	6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe	31

C:\Users\Admin\AppData\Local\Temp\6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe
"C:\Users\Admin\AppData\Local\Temp\6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.exe"
  2⤵
  PID:1472
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\\*.dll"
  2⤵
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\34ad84a55f97f17562d7eb0c3250da8f.ini

Filesize
1KB

MD5
81e460545231e9a42fcfe899bc00aaa8

SHA1
6b79d31976b897f08d900790923512f2f3b0c911

SHA256
4ed1ed951469b3176dc14aa10de7f7472da22ea051bc6513f77a53d49f1a5ae8

SHA512
d3f76a7af44c8b368b952b3e73dbde8781b84100b7aad9c787d2a8295b3fc2a0393001826e2edb7114921c277f81b865e3b8e5a36d3d06a8b85e7a9147975e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\34ad84a55f97f17562d7eb0c3250da8fA.ini

Filesize
1KB

MD5
d507bd39b77bceb870e1608068963763

SHA1
7b22f8146d737c209b617007f8568291c8527fb8

SHA256
9790cac03d2e7d06560663943e127d3a579fcf569664616f7fa2496b7074ceb5

SHA512
6ba52a9d21a9c0711d7bd2f7b8621a26859b7101e5a2847340d7e58e0c9eec0149d2f883d41d6002aa01bfc9470ef52f2fdd0c1d22abfac750ddad66d559c6d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\6676348c35a50321cae6f9532dfe17a42c715ccb6b29002178129936a589366c.exepack.tmp

Filesize
2KB

MD5
d2298d1a5d94a376ddf19a44bb60bb10

SHA1
2076110ecb93c6528071e592e130a6bf28c36d6a

SHA256
bdcc171155e731261f168f75ec1e52e07cd6d9d66f1871a271da89524c1034f7

SHA512
84805045778b0acb026a58ee70c7d8508864cbc34eba84d330361cfa9520547c297830097ca4d53621c8101e2afde948301ec6bb09298c6b964935eac1810044

Download Submit
memory/2028-348-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-350-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-2-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-1-0x00000000002E0000-0x00000000002E3000-memory.dmp

Filesize
12KB

Download
memory/2028-338-0x00000000039A0000-0x00000000039B0000-memory.dmp

Filesize
64KB

Download
memory/2028-344-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-345-0x00000000002E0000-0x00000000002E3000-memory.dmp

Filesize
12KB

Download
memory/2028-346-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2028-347-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-0-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-349-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2028-351-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-355-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-356-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-357-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-358-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-359-0x00000000039A0000-0x00000000039B0000-memory.dmp

Filesize
64KB

Download
memory/2028-360-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-361-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-362-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-363-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download
memory/2028-364-0x0000000000400000-0x0000000001EE6000-memory.dmp

Filesize
26.9MB

Download

Analysis

Sharing