1c6fd6d00b1113dd28a1ead3ca1cce7d1cbaab10d661689cbf34306c9ca810e6

Analysis

max time kernel
144s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 07:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7768f9c57cd2de0e804964255897f192.exe
Size

27.2MB
MD5

7768f9c57cd2de0e804964255897f192
SHA1

4f4efaad50360160953fc1b7e407834690214c9d
SHA256

1c6fd6d00b1113dd28a1ead3ca1cce7d1cbaab10d661689cbf34306c9ca810e6
SHA512

830f8f3b9aaaf660e1eabe82e8eb3250620b51e95ec9778b4812e83be92951ae82b795f30c09068a3a551bf8f3a9389c05deec3ea63000641d675451549f2cb3
SSDEEP

98304:EcKApKAHApcApKA08AtApKAHLpcApKA08AtApKAH4HApcApKipcApKA08AtApKAR:ET

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2744	somt.exe

Loads dropped DLL 2 IoCs

pid	Process
2044	7768f9c57cd2de0e804964255897f192.exe
2044	7768f9c57cd2de0e804964255897f192.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	somt.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2744	somt.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2744	somt.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2744	somt.exe
2744	somt.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2744	2044	7768f9c57cd2de0e804964255897f192.exe	28
PID 2044 wrote to memory of 2744	2044	7768f9c57cd2de0e804964255897f192.exe	28
PID 2044 wrote to memory of 2744	2044	7768f9c57cd2de0e804964255897f192.exe	28
PID 2044 wrote to memory of 2744	2044	7768f9c57cd2de0e804964255897f192.exe	28

C:\Users\Admin\AppData\Local\Temp\7768f9c57cd2de0e804964255897f192.exe
"C:\Users\Admin\AppData\Local\Temp\7768f9c57cd2de0e804964255897f192.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\somt.exe
  C:\Users\Admin\AppData\Local\Temp\somt.exe -run C:\Users\Admin\AppData\Local\Temp\7768f9c57cd2de0e804964255897f192.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\somt.exe

Filesize
107KB

MD5
97fa25904f2a7c981476451d0c0de07f

SHA1
f7c158220e6397aa498e7903429a9be6431b278f

SHA256
56091f7b60a2748a6b1d61a9f0789a4ff828c0d99043fb504b76f427a765eb06

SHA512
33dedc016040a1a74ee8cb6230de1ab708e3b4d20224eafa084c7a0101070b4bdc2341b80b4337929e2720b0d016d037e9d54885d001b675a3f4ce18a62853a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\somt.exe

Filesize
82KB

MD5
31a6c38a1de5edf7f641aa3633d77829

SHA1
1441b6b015e47222bcac56612b737d812fedc98d

SHA256
373af79e353b73d2ef940cb0ce7004d14dd10431f0eb85582e8bf7b2b7abd39f

SHA512
74a0094992acd2765ab94fe35c44ab1fd7d19421ed1dcff1326a2438303272a6ee6c376b55964420858e85703209de0206d32fc0083b878df9c008d3cae62aeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\somt.exe

Filesize
74KB

MD5
920bd6e25df561cf40b41d0e35c02a88

SHA1
98e15884c7b08834a5ca06b8f53f996276fa7214

SHA256
24d1766675b249588f2b6119f96862fe07272dd9698898d847f8483770e83a36

SHA512
b7942ef461e47844e67959a775af13f1715b28e3f3aabcdf3769a1ec89e41ac807bfcd6cf2be28c5a0593a97c94f0852cba297283ba48330e3e286b64a3ce1f5

Download Submit
\Users\Admin\AppData\Local\Temp\somt.exe

Filesize
63KB

MD5
a2bef27c204f5215ff261faed36fa15d

SHA1
aec8f3c4a9219916d4d2cc428c06c1e52be0851f

SHA256
7f26334e98f657fc4bdfe71b5ff3deab8615f53f95a27eef77e44076c54cdc62

SHA512
b646a8072b2439895c2c86229a477b49122ee3115c714ea73f7f38e5c777c85f57e806caf3e4e86ff638a29a9f20c47a9a82552a9b4aeea530dbac78dd95649d

Download Submit
\Users\Admin\AppData\Local\Temp\somt.exe

Filesize
85KB

MD5
99fea46447b557895ec99fb0c0949e13

SHA1
aaa07d43531750e21e456f147cc3d60d299d51a1

SHA256
61870886b3395558a4b877fd8df3bea603751fc0076fbb4eeef7bc368d757a5a

SHA512
28ae98b00b7d2ce1d666aff3d71f35028e12f3b574c1ce48d5fe5a38f9b7f9e5399f4d61aa5044b2e0c38f0b4cd260db04bb8a224630f733e00adb0bf198ad3f

Download Submit
memory/2044-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-8-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2044-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2044-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2044-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2044-12-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/2044-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2044-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2044-15-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2044-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2044-17-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2044-18-0x00000000009A0000-0x00000000009A1000-memory.dmp

Filesize
4KB

Download
memory/2044-19-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/2044-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2044-21-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2044-22-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/2044-23-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2044-24-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/2044-25-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/2044-26-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2044-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2044-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2044-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2044-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2044-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2044-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2044-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2044-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2044-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-66-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2044-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2044-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2044-62-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2044-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2744-68-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2744-69-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2744-70-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2744-71-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2744-72-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2744-73-0x0000000002970000-0x0000000002971000-memory.dmp

Filesize
4KB

Download
memory/2744-115-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download