be899c46cecbce4e234f9ffa5016eb8aaeadd81c2783032b4e11b6db57c8958d

Analysis

max time kernel
184s
max time network
35s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd3e056d6f91d319c9c83d2a96fe4d7f.exe
Size

6.5MB
MD5

bd3e056d6f91d319c9c83d2a96fe4d7f
SHA1

d8a5fac5ff48a23517aeee61f3785d702612f7d0
SHA256

be899c46cecbce4e234f9ffa5016eb8aaeadd81c2783032b4e11b6db57c8958d
SHA512

d3e9e061706eab44864e734225bcb4103772d55d751fd08e869fdd4b1e63de138375ab73082c8ecde4e63f7c516d959697777ca1e11e2e4f155b5dcc5e8479c7
SSDEEP

49152:EQFRHrmQG+trBSRHrmQG+trsrBSRHrmQG+trGrBSRHrdrmQG+trBSRHrmQG+trsG:EcKXKAKegXKAKS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2504	yuqmgy.exe

Loads dropped DLL 2 IoCs

pid	Process
2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe
2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	yuqmgy.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2504	yuqmgy.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2504	yuqmgy.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2504	yuqmgy.exe
2504	yuqmgy.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2504	2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe	29
PID 2904 wrote to memory of 2504	2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe	29
PID 2904 wrote to memory of 2504	2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe	29
PID 2904 wrote to memory of 2504	2904	bd3e056d6f91d319c9c83d2a96fe4d7f.exe	29

C:\Users\Admin\AppData\Local\Temp\bd3e056d6f91d319c9c83d2a96fe4d7f.exe
"C:\Users\Admin\AppData\Local\Temp\bd3e056d6f91d319c9c83d2a96fe4d7f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\yuqmgy.exe
  C:\Users\Admin\AppData\Local\Temp\yuqmgy.exe -run C:\Users\Admin\AppData\Local\Temp\bd3e056d6f91d319c9c83d2a96fe4d7f.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yuqmgy.exe

Filesize
1.4MB

MD5
346d35d56eff36fc0f823045bb7d3239

SHA1
37d7c4b82dba4e25b820229728cbb4ec604fbce4

SHA256
b7dbf91f7e4d35113b2700368d3a4590be3770e4bdd447a74c8823d7ec1ead9d

SHA512
34836eca13d4ebc6724e79e282a19c8c1610ecb74c72b07557bc092cf27bf44b4f53017fd73dc09550f29597c31f9d7393dae97e095f2814dc5b5a4474d60de4

Download Submit
C:\Users\Admin\AppData\Local\Temp\yuqmgy.exe

Filesize
1.1MB

MD5
8a3c798066939c585e309cb737149cff

SHA1
1af3e004f7bcf09b78aa8ef54e77717dd99d6eee

SHA256
96aefbd082a56ff55af8740fac92965438723ca4e4edb6fc290e001dbe63c8a7

SHA512
9dffa5e8fe7389dfb1c39dff6f2df39d6ef0ef51d32443392d34c3ec62da2eb8a6229b57f00a20c59741bae7fcd8660c3948722c1fb93b57eb2847232cf64ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\yuqmgy.exe

Filesize
994KB

MD5
f30f58fc34d4734152e53a40cdb5efb1

SHA1
d999313f69fcf1fac563c5043bf4b501c6573740

SHA256
a2359c44b5f139e35094bc85b75406a94adb1f8477e98382ecda43718c7b3d96

SHA512
469421d612fb1a2cd52caae2fefa0c6af7e124cc938d801a9ca3f68595f8a2f9749e0ca6f26f0f33c894d5af105d543f1ceac0f6db97d4e8d690564415197337

Download Submit
\Users\Admin\AppData\Local\Temp\yuqmgy.exe

Filesize
2.0MB

MD5
eb965ba57b2dfa1ad4e60926fe8e6d55

SHA1
fe0c48f164b0cdc226d10c8ea44568f32c1988b0

SHA256
092e5a4ec88857f7632f9d1c09529329536b1e0c6c2ad4a89db36ff34dce3cb6

SHA512
22ec94020ef0a197e9e279620eb7b2a9593f18fb3874726e24cf60ddfbfe3971a49a2087e9ac66f59ac4ee4371f186527de02eb857db79ca868e0fff53b6b2ab

Download Submit
memory/2504-133-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-34-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2904-15-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2904-3-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-4-0x0000000000590000-0x00000000005E0000-memory.dmp

Filesize
320KB

Download
memory/2904-5-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-14-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2904-13-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2904-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2904-11-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2904-10-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2904-9-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2904-8-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2904-7-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2904-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-16-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2904-18-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2904-20-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2904-17-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2904-22-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2904-21-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2904-23-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2904-24-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2904-25-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2904-27-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2904-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-29-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2904-28-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/2904-30-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2904-31-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2904-32-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2904-33-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2904-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-1-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-26-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2904-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-59-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2904-58-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2904-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2904-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2904-64-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2904-65-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2904-67-0x0000000001EE0000-0x0000000001EE6000-memory.dmp

Filesize
24KB

Download
memory/2904-66-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2904-63-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2904-60-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2904-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2904-68-0x0000000000590000-0x00000000005E0000-memory.dmp

Filesize
320KB

Download
memory/2904-69-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2904-82-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download