d4aa38b6a46d3cfc668a38ff6dc79097d3138a3d5a0208123ed4a27d52291ad1

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 17:29

Target

31720777b45a52e0bee92e64105fdfdf68abea53.exe
Size

1.2MB
MD5

58817ac22bc2f56e86d3c60253bdaed9
SHA1

31720777b45a52e0bee92e64105fdfdf68abea53
SHA256

24b31c4a0c540ade7879ee68cfb3e03cbf411fd0b70aff00b2bc743809019b32
SHA512

5777def3617a7410224ffb4ad0740ac13202e196861310d6033995927a17e3487294998de7d16ed1364798dd37a80411b8d80160a6de33b2ad0bd77428e0c993
SSDEEP

24576:SoyyzDBXE5OljBjauSRJZXCi2GpnXZK1PMUOcIa3oz4Yk45cIpBsP6:xyIdtvBGpn01ucVA4Y7BsS

Score

1^/10

Modifies Internet Explorer settings 1 TTPs 1 IoCs

Modify Registry

Processes:

31720777b45a52e0bee92e64105fdfdf68abea53.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-607259312-1573743425-2763420908-1000\Software\Microsoft\Internet Explorer\Main	31720777b45a52e0bee92e64105fdfdf68abea53.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

31720777b45a52e0bee92e64105fdfdf68abea53.exe

pid process

1932 31720777b45a52e0bee92e64105fdfdf68abea53.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

31720777b45a52e0bee92e64105fdfdf68abea53.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\{EBC27424-3162-4638-ADC8-F29F8072540F}\resources.1.0.0.29s

Filesize
1.6MB

MD5
0e7d6a3a2b0fdaefff1fbf07dfb0e483

SHA1
42b8b39856c52194d2a7e4d7877eec061de22213

SHA256
ef17ed2630826295a6c4092269524f422cebcd1c9af872fb9f270c810ae9923d

SHA512
9f44ff56d19e9892ed941b3579966627750d086fd0c0d5042ef4432d494ab79d5b232ee8c47a60cb5122946e2de03c4d2f07c1d9a779d1e3e26ddd4a47cb4a78

Download Submit