229c60b54bdc5ca6dda267a6fc3ed2bb53a6aaff33965f73800cb879d4d85962

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18eee9bd1b942dc7e6ac1d8e5527a4f3.exe
Size

1.1MB
MD5

18eee9bd1b942dc7e6ac1d8e5527a4f3
SHA1

f2981c0a2722a36a6b5f2efaaeb5c4854fa61813
SHA256

229c60b54bdc5ca6dda267a6fc3ed2bb53a6aaff33965f73800cb879d4d85962
SHA512

d13d384eb91b3e373a7693020ccff07d78e7921585f90d648ad0b6dd3a2187428d3682e04485777b60b8e517cdba08f5101c7c0b7e4e113197b41928a59bf3d1
SSDEEP

24576:AWvknOMEfyRfFsG6fckLg5bI8/2ZHfFB86/3p+lxmF2ZC0p:AUeOMmGsvVLg5bc/FBSlgFcCa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2556	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe
2556	Setup.exe
2556	Setup.exe
2556	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28
PID 2264 wrote to memory of 2556	2264	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	28

C:\Users\Admin\AppData\Local\Temp\18eee9bd1b942dc7e6ac1d8e5527a4f3.exe
"C:\Users\Admin\AppData\Local\Temp\18eee9bd1b942dc7e6ac1d8e5527a4f3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
15KB

MD5
73deaac71f4ba91adf67a9a32238e51a

SHA1
510c47440d80de199e7d82b50f197242fad6fd36

SHA256
912d54212504c6c2b2e2ca1491206aba412f0e101c9f39c1c6afcdad3dee0469

SHA512
50a994532b507435cb081ad746a37a7a02d9e9cb5791475cb383e23930e606b87553d7a5230853efef5516fe2d3b5b981dac91f56307abea5ec129f39791af49

Download Submit
C:\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
29KB

MD5
e3035835cb6c24204f55015855b990cd

SHA1
f9ce7898484a275137f0e3fa1562b3586090b778

SHA256
eeef99dbba614b144e4736990b7267b6a66bab91c3f464249ba602333e0bbdb0

SHA512
ce84773de17f86b81434c229bf00d72d1d2de31e8d16903906a4149a36f1257334b6896633f4208d5e01b0962ccfb384baeda2a24182947802424796a4cd3f71

Download Submit
\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
30KB

MD5
59e7ca382e6db6b18ceeec4d260453ac

SHA1
825873f530def9ade68d5742c7785a6cc0356dc1

SHA256
9aa35b8131af997109df2718064773bacea0f250e9f5fc97ba415576189da157

SHA512
456869a52719b7690f73c508963d0ec6c361f9353668398b735957056ff1e8e0fc6ec16fa2ca0f3617c746dd414806eca5551ef1875e7799c2548c21fd7e6243

Download Submit
\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
23KB

MD5
a26792119f14e3ce8ca7885646d27e7c

SHA1
d87f67f68300a9a8e2a894f1f7b3cbd3a78865ef

SHA256
181f9d85fd9a4dadbd6f76f650f49b41565eb6bced77fb1696db5094c73b30c9

SHA512
8f4bd058f0962ec28387dd975e4d1b300bbcd87d80a2e40613f0f31715f35e373fe73f011e012eac6bc03fca7d518dfbf28d686a2d8e8f7586d721f9f3790cea

Download Submit
\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
22KB

MD5
defc9d455fcd1665567eeffacca98c25

SHA1
b78408b24ac8c94f8b9035b97a0aa84116bafc0e

SHA256
b30861f7e96ee2270138dd2c8836b83b8cf32147cbd49a5cf0d719eb389981fc

SHA512
c31cc4cdecc71337a146186d108dcdfb10aa20a79271abb46d73a3a7e185f355cb68340d808b3890125af2bcfcb633df31d92b1495f443fbee26448006038d74

Download Submit
\Users\Admin\AppData\Local\Temp\a28IMdy4SH\TfySFT5L\Setup.exe

Filesize
47KB

MD5
88143c6e3910cc121433d0b095775cb1

SHA1
5ad4017f02731a096ed9baa2365cd41f6269680b

SHA256
a28e1214345ca538d151fef00867c5df06a9630c47dca3d9c7142859cd6092cf

SHA512
a63691acd96e706d51e3bdd638602acc32f90358e19930078fea84a6b4d97cd5c52649b3f641aaae24cfa609c715572fd9bef30f8ab5cfa404e495d18ea2445f

Download Submit
memory/2264-66-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-59-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-7-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-8-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-62-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-11-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-10-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2264-13-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-12-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-16-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-15-0x0000000075DE0000-0x0000000075EF0000-memory.dmp

Filesize
1.1MB

Download
memory/2264-19-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-20-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-21-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-23-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-27-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-30-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-32-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-34-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-36-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-37-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-46-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-48-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-55-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-56-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-57-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-54-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-58-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-60-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-65-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2264-64-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-9-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-0-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-25-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-63-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-53-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-52-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-51-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-50-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-49-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-47-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-45-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-44-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-43-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-42-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-41-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-40-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-38-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-39-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-35-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-33-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-31-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-205-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-29-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-28-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-26-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-61-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-2-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-24-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-22-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-18-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-17-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-14-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2264-852-0x0000000075DE0000-0x0000000075EF0000-memory.dmp

Filesize
1.1MB

Download
memory/2264-853-0x0000000001E40000-0x0000000001F3E000-memory.dmp

Filesize
1016KB

Download
memory/2556-843-0x0000000001EC0000-0x0000000001FBE000-memory.dmp

Filesize
1016KB

Download
memory/2556-623-0x0000000001EC0000-0x0000000001FBE000-memory.dmp

Filesize
1016KB

Download