9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636

General

Target

9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe
Size

8.5MB
MD5

cac63ffdff9b02b0c6249fc69e4afc7a
SHA1

fed6ae4c336001eafc980031992d8e476f27f179
SHA256

9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636
SHA512

984f9a8a68a95b8482bf8761bc13f93a55e0d7e10272a9b3b9744a2d40f82b8a6b7480f4fcf63fec0807eabadc8f4cfaf67dab12e53092242d4ce550760abea4
SSDEEP

196608:CogPNCqjxm59Pgdd80J22lmVE/x1x8Tn9vSl9gVNc/8fjb8gv:wPN9q9Pfn0mVEigl9ecG/v

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe
2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe
2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe
2472	9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe

C:\Users\Admin\AppData\Local\Temp\9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe
"C:\Users\Admin\AppData\Local\Temp\9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9d8637094f615838e36315da5e5c4d772b5e54774023461f91ad3f15c0a9e636.exepack.tmp

Filesize
2KB

MD5
d2298d1a5d94a376ddf19a44bb60bb10

SHA1
2076110ecb93c6528071e592e130a6bf28c36d6a

SHA256
bdcc171155e731261f168f75ec1e52e07cd6d9d66f1871a271da89524c1034f7

SHA512
84805045778b0acb026a58ee70c7d8508864cbc34eba84d330361cfa9520547c297830097ca4d53621c8101e2afde948301ec6bb09298c6b964935eac1810044

Download Submit
C:\Users\Admin\AppData\Local\Temp\fad6acefa4b5192e8e3421c0e1f64495.ini

Filesize
1KB

MD5
1b769e855c9e24639c744f5864d3d40e

SHA1
a3e291af668b008ef7399ecd620cecaecd79f8c5

SHA256
50fb2271974f2728061b7697e76180b1986adf0f7600ee2a7d6b938b4965786e

SHA512
478b0e944858adbe1cb2a632902588da3d62a6a7869f324deed168276a8dc476c71f324211077a071f05c279fa5867e4bc28667899ada4f65791becf89e3e2a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fad6acefa4b5192e8e3421c0e1f64495A.ini

Filesize
1KB

MD5
d507bd39b77bceb870e1608068963763

SHA1
7b22f8146d737c209b617007f8568291c8527fb8

SHA256
9790cac03d2e7d06560663943e127d3a579fcf569664616f7fa2496b7074ceb5

SHA512
6ba52a9d21a9c0711d7bd2f7b8621a26859b7101e5a2847340d7e58e0c9eec0149d2f883d41d6002aa01bfc9470ef52f2fdd0c1d22abfac750ddad66d559c6d8

Download Submit
memory/2472-337-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-339-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-2-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-1-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2472-327-0x0000000003A40000-0x0000000003A50000-memory.dmp

Filesize
64KB

Download
memory/2472-333-0x0000000000240000-0x0000000000243000-memory.dmp

Filesize
12KB

Download
memory/2472-334-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-335-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2472-336-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-0-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-338-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2472-340-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-344-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-345-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-346-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-347-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-348-0x0000000003A40000-0x0000000003A50000-memory.dmp

Filesize
64KB

Download
memory/2472-349-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-350-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-351-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-352-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download
memory/2472-353-0x0000000000400000-0x0000000001DA3000-memory.dmp

Filesize
25.6MB

Download

Analysis

Sharing