154f6749af6236af27ca36da9675718826db24c838340cbfd11c6d5a4c2c7e01

Analysis

max time kernel
133s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe
Size

388KB
MD5

1ad95a5f3e1ccd21a22e486e4f0b1f4d
SHA1

7929d7c14ab3e17c89f7f093c1e8c862cd698935
SHA256

154f6749af6236af27ca36da9675718826db24c838340cbfd11c6d5a4c2c7e01
SHA512

cdffcb73b628418185cafb6588190256ddeb300f88f1acfadfb890ec5c8a1d62786559e0925a3e92d5385fec2f6752b841d4dba3ffd2e4e581b9ed75633df692
SSDEEP

6144:ISI5kqTzKcS2iJQoRPXHge7+zssn38HPhd5CnbjUW8pE1Y3S:GpTzxSFQoRPXgeCsYMf3WuEoS

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2208	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe
2208	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2208	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe
2208	1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe

C:\Users\Admin\AppData\Local\Temp\1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe
"C:\Users\Admin\AppData\Local\Temp\1ad95a5f3e1ccd21a22e486e4f0b1f4d.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\gfd6567.tmp

Filesize
261KB

MD5
ffde0f5aefa1b53f1bdeb4d9ff974d53

SHA1
279bc63301a470da5f2b20a1118bcb129b1a0a2a

SHA256
715cd0bbc1c03b87876f035075ca86d4fb213bb6abd5de75bae9cfa6dc93491d

SHA512
add2f078498bcc0740e529828af9270bf7f1fb7e32dc02b1c80b8257faee51499c7f91f1d8963142cf6c29323c7bbae4b3f47f2ce94010230e07f7a4b466be10

Download Submit
memory/2208-0-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2208-3-0x0000000000210000-0x0000000000256000-memory.dmp

Filesize
280KB

Download
memory/2208-4-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2208-5-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2208-6-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2208-8-0x0000000074690000-0x0000000074D7E000-memory.dmp

Filesize
6.9MB

Download
memory/2208-10-0x000000000A120000-0x000000000A8C6000-memory.dmp

Filesize
7.6MB

Download
memory/2208-18-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2208-19-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download