128abe79834296e1a6b3572d3e5728ba0f1196b24bffbb52218ea0503f044cf8

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

614c4284526d0d7d8c71a4ba1336398d.exe
Size

27.1MB
MD5

614c4284526d0d7d8c71a4ba1336398d
SHA1

056c44900027275fa6b8761a9349c3cdbd829698
SHA256

128abe79834296e1a6b3572d3e5728ba0f1196b24bffbb52218ea0503f044cf8
SHA512

3aeb0c6cf59c5102a1690ce7e378b3fd51efb67c749e433e178a3c7cc7a5825cb2e092d949bbee0e9b47e3e52fe61432f77050b93d6ec1eb3d7fe73d054b8379
SSDEEP

98304:EcKUh+UMh+2Mh+PMh+Y+1+PMh+Y5PMh+Y+1+Mh+PMh+Y+1+PMh+Y5PMh+Y+d:Eu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	yen.exe

Loads dropped DLL 2 IoCs

pid	Process
2876	614c4284526d0d7d8c71a4ba1336398d.exe
2876	614c4284526d0d7d8c71a4ba1336398d.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	yen.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2508	yen.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2508	yen.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2508	yen.exe
2508	yen.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2508	2876	614c4284526d0d7d8c71a4ba1336398d.exe	28
PID 2876 wrote to memory of 2508	2876	614c4284526d0d7d8c71a4ba1336398d.exe	28
PID 2876 wrote to memory of 2508	2876	614c4284526d0d7d8c71a4ba1336398d.exe	28
PID 2876 wrote to memory of 2508	2876	614c4284526d0d7d8c71a4ba1336398d.exe	28

C:\Users\Admin\AppData\Local\Temp\614c4284526d0d7d8c71a4ba1336398d.exe
"C:\Users\Admin\AppData\Local\Temp\614c4284526d0d7d8c71a4ba1336398d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\yen.exe
  C:\Users\Admin\AppData\Local\Temp\yen.exe -run C:\Users\Admin\AppData\Local\Temp\614c4284526d0d7d8c71a4ba1336398d.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yen.exe

Filesize
76KB

MD5
25666ef183ae41adee819d1d27e83c54

SHA1
e97e90e5ac190e10dceb8c4bf06d633a6471d5a9

SHA256
e04b361da7cea676be4fa035bfaf44b7f9996322b70e4bbdd7a6c017e3a2c7ac

SHA512
0680f9ad93842f908b3aa512b894a3145e18099509689b01e8a397b392fa686e2cdc6e443cc5caef8e0ab78b3708ac43f86e54da46c1ebe32e52d21f3f25ffff

Download Submit
C:\Users\Admin\AppData\Local\Temp\yen.exe

Filesize
136KB

MD5
9bb1b9d9c4d93546f2f5f936ccce7b12

SHA1
02c475a0524d7a0a9e0b23bcba8a059cb8b0848f

SHA256
92e55c72b9eae96ee55df86aaf3f3157826f5e82eb8ddcbffe35aa6f89fb575f

SHA512
60de425314650b8d9e55de24eee23d991fa89d710490cb83e7323ee1a603f0590a0912ff5a4b8a762c60138b04736a5297f20b6592e9d37f191fb168be694ff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\yen.exe

Filesize
2KB

MD5
8bf63369d8d26214342cb6d6f5bec44c

SHA1
0f8804fe3b0241d40c0f7fcabf88fa0e08cbad04

SHA256
cb4cc8e8e9a38476c57735ea5ea955d951f46a8ef02305f5dd542be650f6c0a7

SHA512
853c3f68525382646c78a25bbc3dc46db25937ff766b057f7a7e4e2eb17608f3892e0342277f306ec58110ecfff0b7d502e07be8473c1715cadc210c58eabad9

Download Submit
\Users\Admin\AppData\Local\Temp\yen.exe

Filesize
75KB

MD5
f73100cb16cc64fcd265e1ff320da728

SHA1
79e36d62f77778a130cbf93501e4d7ea366275db

SHA256
9292bf3f24e20556f84c1ee2dcf84a82c74815f18ca03999219a3d8eb5e5d9a6

SHA512
c9dbfff1a52fd1894c0022afcde46e95a663939c390e082ab86a33fd6ed37cce531346ce446ba79b546cbf82d55b19f3dd2e7c6554d88e3c4780f12e54f1b87d

Download Submit
\Users\Admin\AppData\Local\Temp\yen.exe

Filesize
48KB

MD5
7369ed06f79f387a6ede1bcb247db382

SHA1
20b6d62dd9aa48bc2740dca67ac4b4736bef499f

SHA256
32531eb6a3361a71fea9d2137f98b307eb2e9d45db74665cc7c4e8f7d20be8a3

SHA512
664d70f9033eac811c8c5979e66b1325a28587a21e5cc6141fe164d511d90092712a7acee13ee2a84f267a81269cc618aad1a469f05cc0fb26940c06913f0d62

Download Submit
memory/2508-112-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2876-21-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/2876-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2876-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2876-8-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2876-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2876-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2876-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2876-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2876-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2876-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2876-19-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/2876-18-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2876-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2876-16-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2876-15-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2876-14-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2876-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2876-12-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/2876-27-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/2876-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2876-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-26-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2876-25-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2876-24-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2876-23-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2876-22-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2876-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2876-20-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2876-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2876-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-64-0x00000000009C0000-0x00000000009C7000-memory.dmp

Filesize
28KB

Download
memory/2876-63-0x00000000009C0000-0x00000000009C1000-memory.dmp

Filesize
4KB

Download
memory/2876-62-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2876-61-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2876-60-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2876-59-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2876-72-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2876-58-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2876-57-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2876-56-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2876-55-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2876-54-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2876-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2876-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download