13ef0d3d7a9b3c0c76349d6356099668a0c199fc34a7e0a7c8d0f27a4cde8c7c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0582ce91a380cf0d7e0839ea60962ee3.exe
Size

1.1MB
MD5

0582ce91a380cf0d7e0839ea60962ee3
SHA1

7cfe8d851a990de01c3c2c300d63eb53b0668d12
SHA256

13ef0d3d7a9b3c0c76349d6356099668a0c199fc34a7e0a7c8d0f27a4cde8c7c
SHA512

964bb82c0ad53e8983986a9382716925dfeddf4a046a009fb86c9e2011b3538ee3314a3b6764aaa7eb02254899a8c3144c99eb5ecd6b126fe9da5bb4eb2705c1
SSDEEP

24576:AWvknOMEfgQZc5upbjBGn7J7RilaiswfE6UGRLSqHLOOg+H:AUeOMmNZcIpHAnF7RwCuddTOOg+H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3000	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2296	0582ce91a380cf0d7e0839ea60962ee3.exe
3000	Setup.exe
3000	Setup.exe
3000	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18
PID 2296 wrote to memory of 3000	2296	0582ce91a380cf0d7e0839ea60962ee3.exe	18

C:\Users\Admin\AppData\Local\Temp\0582ce91a380cf0d7e0839ea60962ee3.exe
"C:\Users\Admin\AppData\Local\Temp\0582ce91a380cf0d7e0839ea60962ee3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
7KB

MD5
c360aeb757d1c465faac61cb199d03a3

SHA1
eba8dfa51e72fa3dd8e9e289eadeee4565e7dd06

SHA256
f7c5f8f76678af52a7371257f6e33f14eeea134aa50012be8ed7e8cf6f2c78ac

SHA512
bf88a0c36f62c70e8ea4fa102dd7bae210393a97fc03bdc88db0f774cd4e55fe6b34f67f374c36b0d72b038c2fc513b335130d1ed97949fb7e0df855a34f9176

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
7KB

MD5
a1029c933468ec0873d6a76d4da54986

SHA1
299ea3a134fa3bc4f1a84ce9842848f9d4197af8

SHA256
24bb588c5a8d859d05febc4c66c6c611d1eddbc39f440e299453b8b984c74439

SHA512
b635dc031651e205d641b82288fb0b37e0df0b658ed5f0c070b37e2bb5ed7f26acd98d3eb6fabf80339c20df4f902af560ce2c2f2e0d93bc0f65a65b44941d0d

Download Submit
\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
14KB

MD5
72ec16e3fdeaf9e8602bd9f984d611a9

SHA1
21694a18f19c4c035e3d75b5d1247df369037663

SHA256
ff94ad79e59a63135c30942ea98b8cc1bc749b40b9dc41197a3060e6ee6fa85f

SHA512
74db8bd719bbcb9f3c1b25f75d73ecb6a3e3f3ecf324a1fb490db473a957575dcee3d0be3e71715c3191ae01bfcd61e66a3241bb6667ed79d8dae1c572e0c959

Download Submit
\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
4KB

MD5
f4d065817a6b69d178cffe64d288780a

SHA1
80313d6acd0e505362ba21cda8f714ce981ab714

SHA256
28dadeeceeeba16f08b23628120ab47c6d565adf72722e73e6fdbf63fff5d88d

SHA512
2b560854f57f729333642565006f3a87084f404b69c91b24bc17a56dc10397bf351872edf0af8d828781cc5b6db7c18f2c4ca79e9446b25485ea04544bc5c00d

Download Submit
\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
1KB

MD5
7382991c3d3b8bbd99ec370e43d7d3a3

SHA1
0b6477377bf210690ce74430d03cc5a0ee244636

SHA256
0b74ce25bc2359d955b6faa82722d334bff6d1043246460f932130371bb8b52e

SHA512
54f1838b890744665414386399af0870672b7ce8990fa8539e9d8c06606af0da60b234f565e01339cd5439abf87ac494f96493a045ef30041be88857aea2bf89

Download Submit
\Users\Admin\AppData\Local\Temp\a2iExJYcoH\mESTIgNb\Setup.exe

Filesize
2KB

MD5
5b29c45ab5855ba489c601622cea4872

SHA1
d9cb0538a38cd86f00670e0365bda8d7811f2bd0

SHA256
d6aa0d6e9808348f169dd14c07052af3320f008c584fb1904745709bb9e2f40f

SHA512
0e6e3028ec594d1668e367572631d5bc60481070b9261eac50ef6a908d5432e3797030bc40e83d7348d9f42d1875894bf2a30e912c78da7ff9854999a5f4f4a9

Download Submit
memory/2296-42-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-60-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-19-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-26-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-40-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-47-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-53-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-62-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-66-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-65-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-64-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-63-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-61-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-0-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-59-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-58-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-57-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-56-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-55-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-54-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-203-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-52-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-51-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-50-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-38-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-48-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-46-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-45-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-44-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-43-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-11-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-41-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-32-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-21-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-49-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-37-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-36-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-35-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-34-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-33-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-39-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-31-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-30-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-28-0x0000000075DE0000-0x0000000075EF0000-memory.dmp

Filesize
1.1MB

Download
memory/2296-29-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-27-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-25-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-24-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-23-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-22-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-20-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-18-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-17-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-16-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-852-0x0000000075DE0000-0x0000000075EF0000-memory.dmp

Filesize
1.1MB

Download
memory/2296-15-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-14-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-13-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2296-12-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-10-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-9-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-8-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-7-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2296-1-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2296-853-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/3000-843-0x0000000002330000-0x000000000242E000-memory.dmp

Filesize
1016KB

Download
memory/3000-625-0x0000000002330000-0x000000000242E000-memory.dmp

Filesize
1016KB

Download