8c8a444804754ab382e45a64042cd2da8a27f89d6d46dc2a40b81461676fd6ab

Analysis

max time kernel
143s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd4f8865548c91fcd903a49d428079e7.exe
Size

21.6MB
MD5

fd4f8865548c91fcd903a49d428079e7
SHA1

18d6bfe71ada5931fc9173f0a2cb96f09e3c19ec
SHA256

8c8a444804754ab382e45a64042cd2da8a27f89d6d46dc2a40b81461676fd6ab
SHA512

4d10c2a37d84be23d9b5b701029e904a8b1ed5103ad24d6a2b1eb024769df7bd9a976ce399c226f35ca2422c28dcd4885c08938d54d337ccd320e94d26033987
SSDEEP

98304:EcKHzs24Wvzs14WvzNnzs24WYvzs14WvzOnzs24WYvq:E9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2540	khneu.exe

Loads dropped DLL 2 IoCs

pid	Process
2004	fd4f8865548c91fcd903a49d428079e7.exe
2004	fd4f8865548c91fcd903a49d428079e7.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	khneu.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	khneu.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2540	khneu.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2540	khneu.exe
2540	khneu.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2540	2004	fd4f8865548c91fcd903a49d428079e7.exe	28
PID 2004 wrote to memory of 2540	2004	fd4f8865548c91fcd903a49d428079e7.exe	28
PID 2004 wrote to memory of 2540	2004	fd4f8865548c91fcd903a49d428079e7.exe	28
PID 2004 wrote to memory of 2540	2004	fd4f8865548c91fcd903a49d428079e7.exe	28

C:\Users\Admin\AppData\Local\Temp\fd4f8865548c91fcd903a49d428079e7.exe
"C:\Users\Admin\AppData\Local\Temp\fd4f8865548c91fcd903a49d428079e7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\khneu.exe
  C:\Users\Admin\AppData\Local\Temp\khneu.exe -run C:\Users\Admin\AppData\Local\Temp\fd4f8865548c91fcd903a49d428079e7.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\khneu.exe

Filesize
282KB

MD5
67c510b49889aca14c5fbfbd0aaf86f5

SHA1
f9572cfedc692f829f32793918e5ca5aa801bba4

SHA256
7699e8d27cfb63ec7ba4b126ee013ffc9f82dc8356dc6f5d997bc0f5b1770f3d

SHA512
d45f9b03bd4c3fccbf3e20745208fbb0da28b1b175b4d786b4edbf88a54dece0281f07dc29555a893dc9ba249a121333d8c8281e70c63358f089b5712c1281d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\khneu.exe

Filesize
123KB

MD5
bd216fffdacf6bcee7a2af0e83a87eb6

SHA1
b360e568b2aaf25238693b812e7f858ed6e3baf5

SHA256
a04a2eb7ce30a560e0a3afb280664c336f3fc2c8ec8f021081aacf377ff9a030

SHA512
4040ca8cf00d09a4ddd29d5a9cc4f027551e1cfbf655770803a30ae85a9740a9c8d32965eb8e8cf9a0b54ac658ba00ced82c4ff047e5737fa30f65c458425be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\khneu.exe

Filesize
132KB

MD5
e229e72339928fdbd379ca9fde2ba492

SHA1
68e0eb6f16e8feefc1d08151fd0176dcded8553c

SHA256
8867264f17a73f25b152c2d5552340f92944d94a49dd50dd833b78c33ce4acc4

SHA512
af0a9bd67034d279b5e2d9f5a766d5009c2ca61522c44d26a7e345b5b65911b9df79e6acdc51d0eebf4a69f758aedc288260cdab8d07af67bb61d29fefd7c0ed

Download Submit
\Users\Admin\AppData\Local\Temp\khneu.exe

Filesize
219KB

MD5
be441980be9a497cd85f14321ebf5935

SHA1
472832fa04bd8e60a11a77387216ff4bee03d76e

SHA256
97abdf59299267192cb490534edd169872c566ccd6e00a722100d3b5b2b1bd80

SHA512
1ebf14802d7982e48300f47b117c7b479be4b9cd01c4e171b68e62e7ed92659f7199855cdbf1499d5c042ecf33fa5efc7af2845321882ff2bbab02da4796b26a

Download Submit
\Users\Admin\AppData\Local\Temp\khneu.exe

Filesize
194KB

MD5
e9644e6f3150af1e94dc8dc3174902a3

SHA1
30bbe75c410fc6092e6eeab3a77c6cadf8e0edfb

SHA256
a9cd77f361f6c1e339c74f8040fd8acfc234ee31a21da6d03bba93f8d8293484

SHA512
2ea624656ca5e136db48d67ef0f48cfa5349cab516695ad9e965623d57f0937f2cc3f094f554cb5ec995cfe68bb12b41439478fdda9143d1dba1df5aee342065

Download Submit
memory/2004-5-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2004-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-21-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2004-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2004-28-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2004-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2004-27-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2004-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-26-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2004-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-24-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2004-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-19-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2004-18-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2004-17-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2004-16-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2004-15-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2004-14-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2004-13-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2004-12-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2004-10-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2004-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2004-8-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2004-7-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2004-6-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2004-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2004-4-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2004-3-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2004-23-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2004-22-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2004-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-48-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2004-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2004-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2004-1-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2004-2-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2004-45-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2540-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-53-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2540-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-52-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2540-51-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2540-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2540-105-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download