95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
23/11/2023, 04:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe
Size

13.1MB
MD5

f90b600c601de14e5341a8c52cccd782
SHA1

10433f5057ccd1c6f0a2f4b77afaf3731e6c84bd
SHA256

95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88
SHA512

dba97f7f48a7c69275572a9a67d312bb417575ebfb2b24b76e0179739c3aa18849952fe2a4403568c9aed704de7e65a74e60da37a67a717a1c91588db91811d5
SSDEEP

393216:3VhgLN/qpGQLRetgWGSYM0ZQLWV8w4NaFsWmyvrM5:3VhgR/tFGWVaywCf5

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Internet Explorer\Main	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe
2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe
2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe
2576	95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe

C:\Users\Admin\AppData\Local\Temp\95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe
"C:\Users\Admin\AppData\Local\Temp\95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0f62adf2294cdfecf07dd38d7d234389.ini

Filesize
1KB

MD5
5d731f6d5eab143f4a22c741874a8d23

SHA1
55afe920fc815b9293a03ca94a49b5d249d862c3

SHA256
1ea6956b3ecba807732871d5c4ce547b21fe7c7695c71af4b2f6c94ec1ddc9d3

SHA512
ac923ffe0485cc56793042d5d4511ee3db770a4c34794c77dedd899fe5777dd6f7f7a7cc98c6768a0c1a1dcf006d179d9605addc88582455d590a95b246aa6c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\0f62adf2294cdfecf07dd38d7d234389A.ini

Filesize
1KB

MD5
1b70cd4263d0a8895508e29b6f9345a1

SHA1
26831620e8f1adbf7977edb265b8060ee60b2e86

SHA256
0966f13fa9b1bfbb6bc5952f66a1d9c48b38d7e5c21261f5b5e9a6a6c41f4441

SHA512
a8ef5f22b88e67775b779ea1bd47d5d035467c9018ad2cbc9121dd26580dd0822461b1e08006053aa58ab019db954b826d72825c2c6701e4ec5cdf4fbc4d5f60

Download Submit
C:\Users\Admin\AppData\Local\Temp\95f2661fa4a0f43619d51af30a0458280bd5d7c5d7e6137dec6387333682fa88.exepack.tmp

Filesize
2KB

MD5
814ac4d365041b4a44189a06f5fcc3be

SHA1
0a3809ae56fc40a837521efc5e26caf974e4c616

SHA256
6c557d45870a330a766a29d6a6f94775c303d7c9d6b1e6afc36bd63541ff4c0c

SHA512
68b5dde03e0cfcac463c884b5fdc0974a2060f4cfd1ea7337e481699cc28367a9b3a25e4ddcdf0bc7fc79cded415e6e1db26d40e30b141073e80a2f76cec5f29

Download Submit
memory/2576-351-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2576-378-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-2-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-1-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/2576-346-0x0000000003750000-0x0000000003760000-memory.dmp

Filesize
64KB

Download
memory/2576-348-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-350-0x0000000000250000-0x0000000000253000-memory.dmp

Filesize
12KB

Download
memory/2576-0-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-352-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-5-0x0000000050000000-0x0000000050109000-memory.dmp

Filesize
1.0MB

Download
memory/2576-379-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-380-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-382-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-384-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-385-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-386-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-387-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download
memory/2576-388-0x0000000000400000-0x0000000001DA1000-memory.dmp

Filesize
25.6MB

Download