526f160e4e7fe9356149ffa6f9c2d2dc82211270bacd569c440094fc0e6f48ab

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe
Size

3.0MB
MD5

8b7a8a2e9a199d7ec1e9c88ff2d2552a
SHA1

d70b7ed62fad3f578b708249ad3e7857efbbf8ed
SHA256

526f160e4e7fe9356149ffa6f9c2d2dc82211270bacd569c440094fc0e6f48ab
SHA512

05056d64f97b9ed798723cf60919dbe72967acc8a81fc4b74ff2815f158f7295ecac32c1f1d116033d8c627f7b490a27be54015d4ffc641edb6ad5681250fb0c
SSDEEP

49152:479BY3kXRU+DKA++FOdrbRcKlHA6UrkJ3PaS6JFyOVQW/E/M+ngCL9abfqFRJxGW:4BT6AO96mHX6q/adJkJW8/1RjF2Mnt

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2536	8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2536	8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe
2536	8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe

C:\Users\Admin\AppData\Local\Temp\8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe
"C:\Users\Admin\AppData\Local\Temp\8b7a8a2e9a199d7ec1e9c88ff2d2552a.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...