13ef0d3d7a9b3c0c76349d6356099668a0c199fc34a7e0a7c8d0f27a4cde8c7c

Analysis

max time kernel
113s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0582ce91a380cf0d7e0839ea60962ee3.exe
Size

1.1MB
MD5

0582ce91a380cf0d7e0839ea60962ee3
SHA1

7cfe8d851a990de01c3c2c300d63eb53b0668d12
SHA256

13ef0d3d7a9b3c0c76349d6356099668a0c199fc34a7e0a7c8d0f27a4cde8c7c
SHA512

964bb82c0ad53e8983986a9382716925dfeddf4a046a009fb86c9e2011b3538ee3314a3b6764aaa7eb02254899a8c3144c99eb5ecd6b126fe9da5bb4eb2705c1
SSDEEP

24576:AWvknOMEfgQZc5upbjBGn7J7RilaiswfE6UGRLSqHLOOg+H:AUeOMmNZcIpHAnF7RwCuddTOOg+H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4076	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4076	3108	0582ce91a380cf0d7e0839ea60962ee3.exe	88
PID 3108 wrote to memory of 4076	3108	0582ce91a380cf0d7e0839ea60962ee3.exe	88
PID 3108 wrote to memory of 4076	3108	0582ce91a380cf0d7e0839ea60962ee3.exe	88

C:\Users\Admin\AppData\Local\Temp\0582ce91a380cf0d7e0839ea60962ee3.exe
"C:\Users\Admin\AppData\Local\Temp\0582ce91a380cf0d7e0839ea60962ee3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Users\Admin\AppData\Local\Temp\a2srK6JULd\E94JvJIr\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2srK6JULd\E94JvJIr\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2srK6JULd\E94JvJIr\Setup.exe

Filesize
52KB

MD5
e78305314a203426af709b1433e8b773

SHA1
c89144013679efb744fb555246a72635c9014264

SHA256
326c474f4da34a6a40239eb868474e5e012f7eabb1505d169d2999e0637232ad

SHA512
9865a125478b17f7f4d73d081fa93b426d6748fa298921a3cc1a89471b938a590def9fc684eb7f85bd5be8068a0aec684fb285384c9d9efd2635328752b52a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2srK6JULd\E94JvJIr\Setup.exe

Filesize
14KB

MD5
c529e3855010e1dbb728a092e12de4fd

SHA1
cddc900f5ed8847cbed7d8a61396cc3861e740ba

SHA256
7c496f3a74aaf82d0342d6e722e256f45d0baa41f627e4649915347e16999a1d

SHA512
7456c34f53a65649d7562f72fd5caffe9591edc2c1b0df60001fca95f7ae55abe4eca0d1ba008a77d9f932e6e2435f6390619d71e3cf48bed37d86525f50ff5f

Download Submit
memory/3108-1-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-0-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-5-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3108-9-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3108-10-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-11-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-12-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-17-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-18-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-16-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-21-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-20-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-25-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-29-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-32-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-38-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-41-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-44-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-43-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-49-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-52-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-56-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-55-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-60-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-61-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-65-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-64-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-63-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-62-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-59-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-58-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-57-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-54-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-53-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-51-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-50-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-48-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-47-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-46-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-45-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-42-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-40-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-39-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-203-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-37-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-36-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-35-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-34-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-33-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-31-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-30-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-28-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-27-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-26-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-24-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-23-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-22-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-19-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-15-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-14-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-13-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-7-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/3108-846-0x00000000021E0000-0x00000000022DE000-memory.dmp

Filesize
1016KB

Download
memory/4076-426-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4076-619-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download
memory/4076-837-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download