5bf0aaaea17c221f29df276cf026f174195c33471ecc482047f6646fe9291f71

Analysis

max time kernel
92s
max time network
17s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 17:04

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

fb028a6b703ac868fd028cf8e312f2a2.exe
Size

3.0MB
MD5

fb028a6b703ac868fd028cf8e312f2a2
SHA1

c325fc3b68b3f5b42911573ada95917f8577ed93
SHA256

5bf0aaaea17c221f29df276cf026f174195c33471ecc482047f6646fe9291f71
SHA512

ed7889e0abac786725e4a90e254bc57cf441d08b577a97ff196e64ff43aead391f9f8cb127005b4e6b5cb54e46180972b002064be319b07886540e9234bb62d5
SSDEEP

24576:+7QFRUm/rCYAj8pXU+Cz6odAj8pXU+Cz6oqrCYAj8pXU+Cz6odh/rCYAj8pXU+CI:EQFRHrmQG+rQG+rrmQG+urmQG+9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2308	jfykac.exe

Loads dropped DLL 2 IoCs

pid	Process
2196	fb028a6b703ac868fd028cf8e312f2a2.exe
2196	fb028a6b703ac868fd028cf8e312f2a2.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	jfykac.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2308	jfykac.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2308	jfykac.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2308	jfykac.exe
2308	jfykac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2308	2196	fb028a6b703ac868fd028cf8e312f2a2.exe	28
PID 2196 wrote to memory of 2308	2196	fb028a6b703ac868fd028cf8e312f2a2.exe	28
PID 2196 wrote to memory of 2308	2196	fb028a6b703ac868fd028cf8e312f2a2.exe	28
PID 2196 wrote to memory of 2308	2196	fb028a6b703ac868fd028cf8e312f2a2.exe	28

C:\Users\Admin\AppData\Local\Temp\fb028a6b703ac868fd028cf8e312f2a2.exe
"C:\Users\Admin\AppData\Local\Temp\fb028a6b703ac868fd028cf8e312f2a2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\jfykac.exe
  C:\Users\Admin\AppData\Local\Temp\jfykac.exe -run C:\Users\Admin\AppData\Local\Temp\fb028a6b703ac868fd028cf8e312f2a2.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\jfykac.exe

Filesize
1.2MB

MD5
12a1aa4be0f529113bd6bd3498a79f15

SHA1
9981b670ae8238c20727474a126e11cedf8d2296

SHA256
4f7b0668f79190216b58530396c95b88dfd9e0a57d190b53c586c69fa52d5d24

SHA512
65aa126b25f3a89b8c90262c9f460d2c9324889e9f337876807420fe29144111dfc57117953c791f2fb4d4fac6aa77907edb3e185da4bd35f344107a6a9a90c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\jfykac.exe

Filesize
456KB

MD5
eea66b2761f4c4544d7ff8f2c3c663f0

SHA1
c856e4bb63b9e2f199e23fb820ab10067e0bbc4a

SHA256
8fe5567016c5433678be1ab9eec00e7e30f91dca1e9de9b9f2f2d967a3ea8b75

SHA512
4945c81f366b50661a021cf5893b52b796b4d455bd457a65e7736c566ed6d44335f60cf275e1cc0da3edbca0127cf8bb212ff185852886870a1af49c7143d23e

Download Submit
\Users\Admin\AppData\Local\Temp\jfykac.exe

Filesize
1.4MB

MD5
452943404dd0c14b4274222cf1c12d96

SHA1
88256340e7eadd5755e7624ff73545f4c361904c

SHA256
c5e3a6658f7e8816bfb6bb446e763bc2e11480901421a76fdc274b1b65052686

SHA512
d7caffe085ab98a923aeaba0309c151687e30eb9be60e29ae1432bf196070df38b7bcb87400b557247ce360d690db4c08dbea22295d3adca19e7bf31c396ff1c

Download Submit
\Users\Admin\AppData\Local\Temp\jfykac.exe

Filesize
991KB

MD5
c43a805e6af4c8cb3b94b9bb51fc891f

SHA1
59d08eaa7dba91a88df094cbce082fa2573e4be8

SHA256
950285b3b440dfe220fcb5e13d9ad13bad5e3af97382a08359f58feb023e683b

SHA512
2ee040cc8ef370c8bc798e1e1fef9a639f62f3727d025f0efcf3741de55dfc8f16fb82b89ae947d1bf0e6f7357c41fbedcbb04da3bfff70331c0febdd348684a

Download Submit
memory/2196-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-27-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2196-26-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/2196-25-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2196-24-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/2196-23-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2196-21-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/2196-20-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/2196-18-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2196-17-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/2196-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2196-15-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2196-43-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2196-13-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2196-12-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2196-10-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2196-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2196-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2196-7-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2196-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2196-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2196-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2196-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2196-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2196-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-19-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/2196-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-46-0x0000000000330000-0x0000000000380000-memory.dmp

Filesize
320KB

Download
memory/2196-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2196-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2196-28-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/2196-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-1-0x0000000000330000-0x0000000000380000-memory.dmp

Filesize
320KB

Download
memory/2196-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2196-2-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2196-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2308-102-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2308-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-49-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2308-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2308-51-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2308-50-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2308-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download