229c60b54bdc5ca6dda267a6fc3ed2bb53a6aaff33965f73800cb879d4d85962

Analysis

max time kernel
173s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18eee9bd1b942dc7e6ac1d8e5527a4f3.exe
Size

1.1MB
MD5

18eee9bd1b942dc7e6ac1d8e5527a4f3
SHA1

f2981c0a2722a36a6b5f2efaaeb5c4854fa61813
SHA256

229c60b54bdc5ca6dda267a6fc3ed2bb53a6aaff33965f73800cb879d4d85962
SHA512

d13d384eb91b3e373a7693020ccff07d78e7921585f90d648ad0b6dd3a2187428d3682e04485777b60b8e517cdba08f5101c7c0b7e4e113197b41928a59bf3d1
SSDEEP

24576:AWvknOMEfyRfFsG6fckLg5bI8/2ZHfFB86/3p+lxmF2ZC0p:AUeOMmGsvVLg5bc/FBSlgFcCa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2432	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2432	3008	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	93
PID 3008 wrote to memory of 2432	3008	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	93
PID 3008 wrote to memory of 2432	3008	18eee9bd1b942dc7e6ac1d8e5527a4f3.exe	93

C:\Users\Admin\AppData\Local\Temp\18eee9bd1b942dc7e6ac1d8e5527a4f3.exe
"C:\Users\Admin\AppData\Local\Temp\18eee9bd1b942dc7e6ac1d8e5527a4f3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\a2HjxoJbAa\teWVU4dD\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2HjxoJbAa\teWVU4dD\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2HjxoJbAa\teWVU4dD\Setup.exe

Filesize
214KB

MD5
dc1795fcd83a02d4c2c548f7cdaf4ff1

SHA1
4010a44f5b599c7b10bcfbb983483dac418c67a7

SHA256
b51319138475a0dea842c1a03a5d5e64043a703e2929bd7e70be997bf038d036

SHA512
59ae850dc54b8cc670bf5d0890a8cdf6f73e7ee1ffe20ea1263f54071a90b1dd1f912620fcffff2995bfeab11a02c3808b6eefc10966317a1b9537236b2c25ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2HjxoJbAa\teWVU4dD\Setup.exe

Filesize
92KB

MD5
e37d848c2213c23031af70c3012023f4

SHA1
777af945ee190ba2af2e61f42aa9620f3b40d012

SHA256
f940db51c27ced2d9a5252fb4f8954f3817ee076c6585255f9726f72b1532d6f

SHA512
6c525b3c697993f052addf39d9c3f05e254633af40f6508fe2a7ff04b48bbc6997a8e82536dd22794d1f09a4011cd1312bd3b05e70cd8d98ff7a34f7748858a9

Download Submit
memory/2432-425-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2432-618-0x0000000001FC0000-0x00000000020BE000-memory.dmp

Filesize
1016KB

Download
memory/2432-837-0x0000000001FC0000-0x00000000020BE000-memory.dmp

Filesize
1016KB

Download
memory/3008-33-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-46-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-1-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-7-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-9-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/3008-10-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-11-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-12-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-13-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-14-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-15-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-17-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-18-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-16-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-19-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-20-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-21-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-23-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-24-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-25-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-22-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-27-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-26-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-28-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-29-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-30-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-31-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-32-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-0-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/3008-34-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-64-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-35-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-50-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-51-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-54-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-58-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-59-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-60-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-41-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-65-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-63-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-62-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-61-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-57-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-55-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-56-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-53-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-52-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-49-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-48-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-47-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-45-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-44-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-43-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-42-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-40-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-39-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-38-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-37-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-36-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-204-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/3008-846-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download