728614c7d2e6ad1b7dcf8d885bd65ea0ecc6c9ce49b7f373e0131278492af36a

Analysis

max time kernel
14s
max time network
130s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08-10-2023 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

256B
MD5

51780c1cd5fa078cbdd056fb706cf952
SHA1

edc585dc6a4effd9b16182e5bfdf8a69d41edc9b
SHA256

de978d8fb5d6ad274e58ce013a74a77aa1680ec4d7927e1b6d9da7403a1985a9
SHA512

55a883aedcb501edde67405c5620f5f3277baa456521cd349f1055c4511edacb11f6c7303d20bab1e4896153f61a725b90e044409fdd0727507f2d1edfa8d847

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	MSPUB.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt	MSPUB.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	MSPUB.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar	MSPUB.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	MSPUB.EXE
Key created	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	MSPUB.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	MSPUB.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-86725733-3001458681-3405935542-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	MSPUB.EXE

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2788	MSPUB.EXE
2788	MSPUB.EXE
2788	MSPUB.EXE
2788	MSPUB.EXE
2788	MSPUB.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2788 wrote to memory of 2580	2788	MSPUB.EXE	29
PID 2788 wrote to memory of 2580	2788	MSPUB.EXE	29
PID 2788 wrote to memory of 2580	2788	MSPUB.EXE	29
PID 2788 wrote to memory of 2580	2788	MSPUB.EXE	29

C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE" C:\Users\Admin\AppData\Local\Temp\[email protected]
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\splwow64.exe
  C:\Windows\splwow64.exe 12288
  2⤵
  PID:2580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2788-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2788-1-0x0000000073C2D000-0x0000000073C38000-memory.dmp

Filesize
44KB

Download
memory/2788-3-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2788-4-0x0000000073C2D000-0x0000000073C38000-memory.dmp

Filesize
44KB

Download