6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e

Analysis

max time kernel
152s
max time network
164s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
17-11-2023 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
Size

11.0MB
MD5

3b48bae8a78673557477d95cb1f72497
SHA1

34774326f59c24ed2e9604158b0efb9dbc9f8021
SHA256

6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e
SHA512

4958070710b2b2993c70ea1901f58a98713c07e38ecaaec2a704c6973fb0601afed9a79ca36ce44f2e986eac08adc7ebac1526282ac9e367d627ea7d6815878f
SSDEEP

196608:p0GJxCMWJitkSNukRc2+El9CETJTaxEC89l+JlQnri1mdEiZBENhj0SgEyev2V+Z:pxDsJitbc6lZBwf89olQricJ7L5Ov2UZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2952504676-3105837840-1406404655-1000\Software\Microsoft\Internet Explorer\Main	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 1064	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	28
PID 2284 wrote to memory of 1064	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	28
PID 2284 wrote to memory of 1064	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	28
PID 2284 wrote to memory of 1064	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	28
PID 2284 wrote to memory of 392	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	29
PID 2284 wrote to memory of 392	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	29
PID 2284 wrote to memory of 392	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	29
PID 2284 wrote to memory of 392	2284	6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe	29

C:\Users\Admin\AppData\Local\Temp\6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe
"C:\Users\Admin\AppData\Local\Temp\6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exe"
  2⤵
  PID:1064
- C:\Windows\SysWOW64\cmd.exe
  cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
  2⤵
  PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\560228d5b306da6d9df69d35dda253d8.ini

Filesize
2KB

MD5
14379b05fec98219e9d5bb2f7c16221d

SHA1
37829fe2050a37d757cc9417ef5301b1bd30a059

SHA256
08f157eece5052f4da25bd8d3bc93e390d934fe38ce02128fa4bddde4ee3ec86

SHA512
c30fae68fa5b93e5ab4a6002732089c5098ec89c146f39badbbc9f81adb652ea96f637abf97d0c8795126108b47931f2b040ad5f9c56de9749402299c377ec25

Download Submit
C:\Users\Admin\AppData\Local\Temp\560228d5b306da6d9df69d35dda253d8A.ini

Filesize
1KB

MD5
008933c3db3fe610673312574dcf2a19

SHA1
11c01680e1498d1c0936f62b80aa1b7c846b6949

SHA256
b9216e69d90ac3e52b6b3f33aeee070bab479890601dc41034226a92065e5531

SHA512
8bceec2b15b5fb6bd16c53d558da7a7baae9355b1a164c6bbd549f718df0b5bd60785cfb7b0d029bccc5f77b3a131b620bbac9ee609a2b32d1457e6aa2fdea8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\6fc60d6049d8b81e1918130958e2f3b0d95e0ce0342dd43c12f9efa0cecf657e.exepack.tmp

Filesize
2KB

MD5
b4f0f55518101fd63ab71837e6e69691

SHA1
db3086c0030171aab915cdc25eeca22fc261825d

SHA256
1ea86b38a091daa4ebc3127a0de7928815a487757af07acdad35993e0f2cc54b

SHA512
efd24bf2cac39020fe1840938f29ed74d9d1a658e3cdd5f3d166f610214ab3eeff1c7c2118c06ab27f93805ceb20b8c57d4000743494e18bee86f40c19cdd4f1

Download Submit
memory/2284-347-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-349-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-2-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-1-0x00000000003B0000-0x00000000003B3000-memory.dmp

Filesize
12KB

Download
memory/2284-331-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-334-0x00000000041F0000-0x0000000004200000-memory.dmp

Filesize
64KB

Download
memory/2284-344-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-345-0x00000000003B0000-0x00000000003B3000-memory.dmp

Filesize
12KB

Download
memory/2284-346-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2284-0-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-348-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2284-350-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-352-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-355-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-356-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-357-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-358-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-359-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-360-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download
memory/2284-361-0x0000000000400000-0x0000000001CB4000-memory.dmp

Filesize
24.7MB

Download