b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-12-2023 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe
Size

4.8MB
MD5

390542590a3ae0539612d7888ee82722
SHA1

8f3e523c92ce73042067d6615d508a629e1f9b52
SHA256

b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea
SHA512

4fe53572f379c8c85b37862067b612df408160bf17d6871b60a94c223fb33bbc410619422e532711d989047d80da0ab62f1569cd4ad958f2a1de5cc49ee61ee9
SSDEEP

98304:ugu9llk/yHwNf3n48yk1aaKdzOJDb4v+uY:sllzBZwN0v+uY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1560	b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe
1560	b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe

Modifies system certificate store 2 TTPs 2 IoCs

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1560	b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe

C:\Users\Admin\AppData\Local\Temp\b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe
"C:\Users\Admin\AppData\Local\Temp\b2380030443b0c3f261a4976d01789eea4c387f93d15f7710fbabf33cf7eeeea.exe"
1⤵
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
857a37daaa63b3e92127c8915dd97ea0

SHA1
284b3ebfbf6c97bbdc70d5a9e22cc69ccc36f4ea

SHA256
7be8dfc166b7032e3dc0cd47f55c03e9b778b25fd58f88c1d57177b427b8a037

SHA512
405da16315d8985999ba549bbda82025b5409553b64fec5103b79ae164e929e810800322182160305ac2fb2817ac318aae0c613c78490f9f64015d2487b77c2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ca1e53dedbc0eb734223e0f7bdfe40e6

SHA1
09b5a75ba2e9920218db3d917970cdd5d2f584d4

SHA256
e93724619a84a40a96cc4604c8410374f184999940196e98e94809b2bca15249

SHA512
7c99696b289feefd89eac042181561622d75406c8cb51aee4853d46166dd38bf49c9027c302ed07a6e41542daab8d2ad3423e031e243ff34ac7f14a10696346b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
46ba58f4d6fe8017bb2b746220f134ae

SHA1
b2d224c2a3885725b1cefb75087701e1e6c3aa9c

SHA256
8eeafb6cbf653d29741788b557ddf08c150668e0409a1c2d4134cf47808adc4f

SHA512
12aef2013e9d63907deaf998a84dfe8a469d09096fe89f4c5b8f31f019d09022909c3a455524e31ff9d95ec2824ebba35da41e40a53ccddfaaf847329bce9eb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD8E.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\lite_installer.log

Filesize
4KB

MD5
12c5153bec8e3325c36905b0a28b176d

SHA1
b0161eee1a1b53426e64510ec1749bc129e69277

SHA256
57e22c72112f8a0e812d01de00c0f38c314a21e275ee316a8145db1675777419

SHA512
18ebefca40a43558e43d7660cb6a3bdca8769e523c7c1b4aa5f70eb926226f040d6d14b1ae23ca63db50653f56662260a172066eaf877786b4ced3afebe27878

Download Submit
C:\Users\Admin\AppData\Roaming\Yandex\ui

Filesize
38B

MD5
2ba4b4fdb021682deda7ca4deab8d5d5

SHA1
abe6aa8d18f5119996e8b34d67af8231a3fd061e

SHA256
d41b59f2970abf3aaa73f50a5579b368d78ca677b5868859226af1413b7a8bce

SHA512
781f37a1b2f356c90e917d6f9489f91122ae0950cb429b9ffa62c44e792eff00b817c5c15d68c6460251e774b862882e133ffa7c13cb27a106c84323520f18ae

Download Submit
\Users\Admin\AppData\Local\Temp\yb963.tmp

Filesize
2.5MB

MD5
e06bf7551ac2e8715a866334af633e32

SHA1
3401665e3f7b48c2607f8071d5bcc32d4d2be184

SHA256
1b4341a20b0b809073606db8ee11c28dae2714c7192ad9a9b490f305cf8ace9e

SHA512
849779c5f0c181540948a1c8e02b935de501926736d83a5790793b9bb7a9c763fe7f62138d14a90668f8531970ec7ac8f61007f6de8d5d7baae58811010d0d16

Download Submit
\Users\Admin\AppData\Local\Temp\yb963.tmp

Filesize
2.1MB

MD5
02c2d7871c8578dad3c38034229283fb

SHA1
7cd1dc4eca0f8767ce4f872655091210bc43987e

SHA256
031c412f37184f5a85f08f94b6ffc897bcefba92ea9568582d5c5f5163a8c214

SHA512
ae0895c4615aa0f42b7e6f1549b16bf28f684edc7db7a2e003fb1a8e8537378bc314ad5103acc72d3e0a40d7fea3b7edc4ba993cc8ab326c5b72b2730f463d9c

Download Submit