6df2dbd29508c4ba6427683af38b1db461d6f645258dc3c737c7d196691812c5

General

Target

02965b74dd6c2b457aee765e9bdf032b.exe
Size

757KB
MD5

02965b74dd6c2b457aee765e9bdf032b
SHA1

ebfd4480b6bbead8abbc1d52ee4ed66976da757e
SHA256

6df2dbd29508c4ba6427683af38b1db461d6f645258dc3c737c7d196691812c5
SHA512

6e6f151420f417e8703e91c9d1a8475dd07d8e98255dd5d3d9558e1ed6f969cfc953d9981257888f82438c43f6ca6f33ddee1eaad45c04af3b194b1cbdcdbc74
SSDEEP

12288:yJOq88okny7j1dQryuIX14LsPvy+cY7xfSQ6WECyhmbP:yJx8X7jv7TqLsCu5cWEthmbP

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe	02965b74dd6c2b457aee765e9bdf032b.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe	02965b74dd6c2b457aee765e9bdf032b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	02965b74dd6c2b457aee765e9bdf032b.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main	02965b74dd6c2b457aee765e9bdf032b.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\lnkfile	02965b74dd6c2b457aee765e9bdf032b.exe

C:\Users\Admin\AppData\Local\Temp\02965b74dd6c2b457aee765e9bdf032b.exe
"C:\Users\Admin\AppData\Local\Temp\02965b74dd6c2b457aee765e9bdf032b.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:2984
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun57.bat" "
  2⤵
  PID:2324
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo Y"
    3⤵
    PID:1300
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe" /G Everyone:R /C
    3⤵
    PID:4620
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun70.bat" "
  2⤵
  PID:2020
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe" /G Everyone:R /C
    3⤵
    PID:3040
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo Y"
    3⤵
    PID:2492
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun36.bat" "
  2⤵
  PID:3052
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\Desktop\Internet Explorer.lnk" /G Everyone:R /C
    3⤵
    PID:872
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo Y"
    3⤵
    PID:380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun58.bat" "
  2⤵
  PID:5088
- - C:\Windows\SysWOW64\cacls.exe
    cacls "C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\╞⌠╢» Internet Explorer Σ»└└╞≈.lnk" /G Everyone:R /C
    3⤵
    PID:4356
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo Y"
    3⤵
    PID:4196
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\srun57.bat" "
  2⤵
  PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe

Filesize
148KB

MD5
4d0331b72e6e07ef6357db300f51d037

SHA1
88f838fcc4fb943f4fba300027750ee48c036558

SHA256
9d7ec64e0784619cad1d6ab7940432314e8f5757da87d8398f94a4f1227fa843

SHA512
88b229a5ea12cf9d41afe8aa2c71b1d9bba9898d2c34461e2e79529b372168724b19ceea7b4d6229ec1d76c8a8052b6084bf80d60fc41496e01722d5ca3bf60a

Download Submit
C:\Program Files (x86)\Internet Explorer\ie\iexplore.exe

Filesize
95KB

MD5
3c9c4c8773f62a90e9866f679bc8442e

SHA1
b49f303c1caeb0cbd1eb80ce8be893e757c39d8d

SHA256
a4b2d5e473ad9fe752441a4f0daaf7937c6b2b4590e6345a57567b09cb9e36f8

SHA512
4fbb4d705464ec393ae7f260379eb5a0cfe38ff8dc89caa070354ea921be9404d980fb36b2626ea76dae51b7405129cff5d5c544362307fc6123e0452246ec07

Download Submit
C:\Users\Admin\AppData\Local\Temp\srun36.bat

Filesize
130B

MD5
d1a4b4be04345e232e3da1a1acc04368

SHA1
adb484b82efae58b7d0660e627208969f6f18b05

SHA256
01563336010d132bcc1de890877b0f37efbad41a71dc24582a8d956a84419bb3

SHA512
8433a4e5ed9eee804b97f4125469a3e93a75032ef39ae73ab5d6f5387ce1a0696bb4a0cefd651f5a9a0e499b69721549a2a470f12d507e070372c10645fcb712

Download Submit
C:\Users\Admin\AppData\Local\Temp\srun57.bat

Filesize
142B

MD5
487ea8791af6a1fea7d1fd5c99ef39af

SHA1
69e5f87ea9587a8907f8e8d2e3507c517ead5231

SHA256
84159672bde0d87de1be5e37d5a22872388ea1d8b8bc240ec1f8ca679016c61d

SHA512
1165e969deb15de7db8bbbafde33c9af8ca0beccd78ab359dd26599f3ce939f7cc7225a70c4736e05760c77066c9246fa4f8b998a1ceb986e212a82ebe19aedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\srun58.bat

Filesize
191B

MD5
3c1beb330cb9450e850762b2acb286a3

SHA1
56f0249944e56a5fb9282675da45a6607a6df68f

SHA256
ce79ff25f8f1891808c9e1ba90971aaf6903429bdcab329dd4fbe1853e41a4ac

SHA512
bf7978470a781b53f7758a79beeff454c0d8631d2d97d241fb50cd56926d96c7de1f7ffddfb1078063c0892712bfca74b8349842603216e9bafcda59dbddf685

Download Submit
C:\Users\Admin\AppData\Local\Temp\srun70.bat

Filesize
142B

MD5
a40b6426c6f9de4b139af7944a8221bd

SHA1
75dc8fa8df35e8d822d42c7a3e6fa716ccf8979e

SHA256
8a9346b16e60a2beb3c294dedcd93268e9f18ae4244685afbd1b784a69040a74

SHA512
dc114b72ffe918877230802d05c6aba86f1110cff0b35393613d35aa40740ab0688a87e2f16f864dc8a22a399c95ce2c00ed666d6eb682e73c768172f5499aef

Download Submit
C:\Users\Admin\Desktop\Internet Explorer.lnk

Filesize
1KB

MD5
0d4eda752bc2887aedef6d34f196f61e

SHA1
e1f7f853c6cab0dc086bb52c94bd0a0a3e8beaac

SHA256
9bd78ce4190f4dee5203f0ede18b27759cffd5f52ee4defaa1cf0f50087ece03

SHA512
8585206d670f4b80ea09fe4456104021ebd49f60c43bbf822920bdc5927081f86568879b09b48419a7717d4c3ed819375a4785e376fa6cc6675e8ba54fd540dd

Download Submit
memory/2984-5-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-7-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-9-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-10-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-11-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-12-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-13-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-8-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-6-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-0-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2984-4-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-3-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2984-2-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-45-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download
memory/2984-1-0x0000000000400000-0x00000000004C4000-memory.dmp

Filesize
784KB

Download

Analysis

Sharing