8dada117e4a25836d2251d1c55efaf3d5394c94865ba37442866ba1b290e060d

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d530e05498a9db069de0b83dc301cd10.exe
Size

8.6MB
MD5

d530e05498a9db069de0b83dc301cd10
SHA1

a3731dd0e278f5b8b8658c9a217a0e094516e84b
SHA256

8dada117e4a25836d2251d1c55efaf3d5394c94865ba37442866ba1b290e060d
SHA512

1ee57ee7fd4542f542ba3925b5d3df62785746d4a6b8c048dab73cc91129be7531eaa42c89d5432772457a86a8d019539c653218c6c3dbc4542d60e318a960db
SSDEEP

49152:EQFRHrmQG+yrV2fdxZrmQG+yrV2fd6QG+yrV2fdxZrmQG+yr5fdxTrmQG+yrV2fX:EcKVXVUXg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2672	vsiaz.exe

Loads dropped DLL 2 IoCs

pid	Process
2548	d530e05498a9db069de0b83dc301cd10.exe
2548	d530e05498a9db069de0b83dc301cd10.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	vsiaz.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	vsiaz.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2672	vsiaz.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2672	vsiaz.exe
2672	vsiaz.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2672	2548	d530e05498a9db069de0b83dc301cd10.exe	23
PID 2548 wrote to memory of 2672	2548	d530e05498a9db069de0b83dc301cd10.exe	23
PID 2548 wrote to memory of 2672	2548	d530e05498a9db069de0b83dc301cd10.exe	23
PID 2548 wrote to memory of 2672	2548	d530e05498a9db069de0b83dc301cd10.exe	23

C:\Users\Admin\AppData\Local\Temp\d530e05498a9db069de0b83dc301cd10.exe
"C:\Users\Admin\AppData\Local\Temp\d530e05498a9db069de0b83dc301cd10.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\vsiaz.exe
  C:\Users\Admin\AppData\Local\Temp\vsiaz.exe -run C:\Users\Admin\AppData\Local\Temp\d530e05498a9db069de0b83dc301cd10.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\vsiaz.exe

Filesize
92KB

MD5
3c7f849571b57dbab2a02f27a946ed9d

SHA1
850c585fc9f373d306bb3e4b80f18f1642e5ba84

SHA256
c33d63462d5c80680feb49b43ce7274407f96a1ff7f76d4e84970dd6421d9e75

SHA512
f28829945075252b72a807d09f1b743b526b95c79ec010012965e283345cbf2259c659de719c0ec66f7e94a78eb5eb534936f27125063cf44c63bc5c4951b1a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\vsiaz.exe

Filesize
217KB

MD5
b459b8dd88fe6627b6f98776cb819628

SHA1
1a1b83f1ed52634806f90e025faa6a679f325f40

SHA256
9bbdc44c7c49ab7458a4b5cb690dd63e6a5d351741f13e7370e14ff0bf92bcbb

SHA512
664c390fcaf97bff7c1ffa2ee820512472ca6a41818076f940547c230d053e770660b369f1500ea4fd541136b4c8155aa60881919451a5f129d1c8465f9ce790

Download Submit
C:\Users\Admin\AppData\Local\Temp\vsiaz.exe

Filesize
96KB

MD5
27485141896b60938889bb7413d53ae1

SHA1
9692d7d3ee118312e83456a0ca39e1481efa7ec1

SHA256
a57dbf1d2862cfa87ea5494e2e9ac7b87f96a1c38395a36072c2c3e65121b431

SHA512
98efd277894f38951845715b4b53f3097bb5d398061b07bd27c2e0513266b4fca19cb615387567559d6571be4219fb7ef52aec981ec5d8f55b779d0e6c0301b9

Download Submit
\Users\Admin\AppData\Local\Temp\vsiaz.exe

Filesize
225KB

MD5
91184fb70f4b3319b9a516b4a171ed7a

SHA1
79573871478a94ddb5ed68a37b616a3b19f676a2

SHA256
ee348f213a131b3ef6d59a21a4f8bde96049d7e33e2cc8560498d918751e38ff

SHA512
5e10f026de5a17b4a42712925e12a24186d7b32ab0a427f3d3e7dba8d12b9f997c6283a61cef9067832af0384b4ae844323601d5a32c327a99b5b89174754c35

Download Submit
\Users\Admin\AppData\Local\Temp\vsiaz.exe

Filesize
165KB

MD5
652baf9220870669e1983191b5f2cf38

SHA1
77a8e07d7d9b81fc05f98f64d33a976f283ab791

SHA256
7869bf73c65876c24df353745dcb4f072b38e7331b0ffc4be9825f73b8e600fd

SHA512
43334f3fd67bb63f32bcb70c58e65f6de3a33672065e40e7fa5d47b528d079d05bc8c0b4caff97dbbf40a0dab7e6b553e1c411add95760a26b1a6c6888d33563

Download Submit
memory/2548-20-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2548-17-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2548-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2548-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2548-4-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2548-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2548-6-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2548-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2548-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2548-9-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2548-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2548-11-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2548-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2548-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2548-14-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2548-16-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2548-52-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2548-18-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2548-19-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/2548-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2548-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-49-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2548-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-27-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2548-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-1-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2548-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-25-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/2548-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-26-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/2548-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2548-24-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2548-23-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2548-22-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2548-21-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2672-65-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2672-56-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2672-57-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2672-58-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2672-59-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2672-60-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2672-61-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2672-62-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2672-55-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2672-63-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2672-68-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2672-64-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2672-67-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2672-69-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2672-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2672-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2672-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2672-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2672-66-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2672-112-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download