4a6bd748060a09b29996915cbb80873ad9e06985b054d30a0bfd07d8005c3ad7

Analysis

max time kernel
119s
max time network
131s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ESETFunctionalityTester.exe
Size

218KB
MD5

b29b775d1a93a6886195b353f847d526
SHA1

86698f4f436107306c32d284741d60c86e78f222
SHA256

4a6bd748060a09b29996915cbb80873ad9e06985b054d30a0bfd07d8005c3ad7
SHA512

8673153ae9d10893d08a8846d583c27f4e956a84822ffccd8adabc34048ba8d1053e0abd216216b78f4357d1e89e2daa8a4a984b269811e8dd004f23c6a16904
SSDEEP

3072:Ot9opltkqljDcsDXiOzg02IwL85nPwg1OsJgQgcSXF46AatdBGXYs9dyFjvmheA:i9o7tHiKg02IwLgnIgM6g7KyG1vKvUeA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2180306848-1874213455-4093218721-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1732	mshta.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2116	ESETFunctionalityTester.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1732	2116	ESETFunctionalityTester.exe	28
PID 2116 wrote to memory of 1732	2116	ESETFunctionalityTester.exe	28
PID 2116 wrote to memory of 1732	2116	ESETFunctionalityTester.exe	28
PID 2116 wrote to memory of 1732	2116	ESETFunctionalityTester.exe	28

C:\Users\Admin\AppData\Local\Temp\ESETFunctionalityTester.exe
"C:\Users\Admin\AppData\Local\Temp\ESETFunctionalityTester.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\System32\mshta.exe
  "C:\Windows\System32\mshta.exe" C:\CCSupport\Tools\ESETFunctionalityTester\ESETFunctionalityTester.hta
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\CCSupport\Tools\ESETFunctionalityTester\ESETFunctionalityTester.hta

Filesize
125KB

MD5
c715083f6a735f1988c76b359f15842d

SHA1
1d00c935544ffde39efea26f5e7961a866bdd2bc

SHA256
39422a952f9f8dda99a6ee193cb64e8df2c08bb1d8a1e7673d0721b753e8ebf9

SHA512
e40b422c15877ccbccf53739d9d08c4e85cb23c87bb837ca7c5a59a8067968e6b4142e169127252c7536313221bfae06ec5fe2891279a0878a1ee101844154f5

Download Submit
C:\CCSupport\Tools\ESETFunctionalityTester\Images\ButtonBck8585.png

Filesize
1KB

MD5
8c21a9610654bfda280d58df6542063f

SHA1
711e8ced8d54216705c75a0d9cc81b15aafda9bf

SHA256
d34d87bb26f5cc094b6c1527a3c565ff2b2d785e801e4ab99e15054d35b0afea

SHA512
4a818bc1e24ccccc924c4c714766821714cae8693bed345a660982a6109b01d6de845541a36da6e9872561e7e1de2a213cd58316b4ccdfea3510b7e06e8a5476

Download Submit
C:\CCSupport\Tools\ESETFunctionalityTester\Images\TestLinks.ico

Filesize
9KB

MD5
720d958a5118a1300cc54266da0e865e

SHA1
f2570a6bba5a7fd639e23aac92f687f9ac943b3f

SHA256
a9663c9a1d54b74cc5c9491edc38ebfc21fdbeae4b0ccc32a0c4bc1c5acf4749

SHA512
4b53c9d46a087069c82255032107f393dc742b9f0c5673bb1770e69a09693487f2881b53f91e11a74910ef5bd79df59d8a2540333cf83db457c378086bd900cd

Download Submit
C:\CCSupport\Tools\ESETFunctionalityTester\Images\eset-smart-security.png

Filesize
100KB

MD5
1595ac812247fcfe593aee9a46bf1550

SHA1
b29e50eaaf5e7d531cbb514ab1e6a1867f01c45f

SHA256
d99e517fd9ffe84a4d7a5ea155f2602090a742fa7d906b0e22780a7d6d104b72

SHA512
deab28708239727349ffb407d80edec25266ab3167aab4ef308ec5c7906edb6c8a6040574fd5183fa29d0d3ca3faf2308484abf40b80d6271ab99f87f264cde6

Download Submit