5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 06:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
Size

148KB
MD5

f2c30c9531778f79d2c6ad3acc0ff600
SHA1

87034d29a0d8b284c5fa10cdbce92b8d7e04c13d
SHA256

5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d
SHA512

bbf18f11d9285b8a719c5e6a6a8a0af6df671fda35a8b95c150141b2af03e8a46296644eb5e5715c03514b549668a1cfbc00c0c78b260921c5109f5cd7b8964f
SSDEEP

3072:fXdZWs5k1GW9y4GYcu0xS7yHIcWde/GBI637Kg:8k34Dcu0IGH/WUvg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
Key created	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-686452656-3203474025-4140627569-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2348	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2348	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
2348	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
2348	5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe

C:\Users\Admin\AppData\Local\Temp\5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe
"C:\Users\Admin\AppData\Local\Temp\5833131d71d7bb8418fb25bff81a30dc05d2b74a1856ecc320f942ed3af8639d.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dd.htm

Filesize
2KB

MD5
70799823b67405619eb5ffc316ce880c

SHA1
938772315218ffbe29c7af9a4cfda620cb12d1c9

SHA256
d560d9d141a409790d07c6699c674dc9a60e3c07e1ca70814ce81d44d525d2b1

SHA512
b084f5a8574676f5e3dc25cc647a09b5924415fed075bab9c7b35e8671ac751f54c385a8371cb02cdb560e46dccb8ce6841eccc1b31eb30e9e521bec7332fbaf

Download Submit
memory/2348-17-0x0000000003D80000-0x0000000004DE2000-memory.dmp

Filesize
16.4MB

Download