22fe2d81fa3b8426a78c9577ccfca86cf8f4fdf6d5874f308ab917f5f48d888e

Analysis

max time kernel
90s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

08eb49eed55d7217038f6c1d6cefb1b4.exe
Size

1.1MB
MD5

08eb49eed55d7217038f6c1d6cefb1b4
SHA1

d1ccae26e767619501436104af13dcc17daf53e6
SHA256

22fe2d81fa3b8426a78c9577ccfca86cf8f4fdf6d5874f308ab917f5f48d888e
SHA512

22e562571e3dd7a5a745268454fd8f60eb494a1308a0ae074697fb7ca2d11fb5b39c7fd3cc013b52293dcfa1d77cc1b8d42c072f2c7adc3772cc596cb8ed4511
SSDEEP

24576:dWvknOMEf/hZoaFCmraJ3fYy6o9rIPMLo8TIp7DOwTmFmSFhr7r+B:dUeOMmJhIWsMo9tmnOymwShr+B

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4088	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 4088	2692	08eb49eed55d7217038f6c1d6cefb1b4.exe	93
PID 2692 wrote to memory of 4088	2692	08eb49eed55d7217038f6c1d6cefb1b4.exe	93
PID 2692 wrote to memory of 4088	2692	08eb49eed55d7217038f6c1d6cefb1b4.exe	93

C:\Users\Admin\AppData\Local\Temp\08eb49eed55d7217038f6c1d6cefb1b4.exe
"C:\Users\Admin\AppData\Local\Temp\08eb49eed55d7217038f6c1d6cefb1b4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\a2NseU9vU6\mT5DKVQM\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2NseU9vU6\mT5DKVQM\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2NseU9vU6\mT5DKVQM\Setup.exe

Filesize
46KB

MD5
43aa8fa829ebdd11036ce69ad0b840af

SHA1
3f03c33fa3b1dbe8003409ddf009ada51602c138

SHA256
bbb45c7b1fa4ebb6c6b14081023cb52465a7ed3524e3a4f54fe6f05a29bb7620

SHA512
8d8666119eeac1ec4b3f6b4b7026380ef6e194d30654ebdfc729289ee3567d62906f607e13f2a47675ac04c3924b36ce566a1138075d7cd85a854b8e5064526e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2NseU9vU6\mT5DKVQM\Setup.exe

Filesize
26KB

MD5
a5173bedfa054d6891fd9b34fbbdc64a

SHA1
ad9d9718ada6e76e5661376980e273fb88284824

SHA256
f0fcfb3ac11258514d45dfd5eb520a33357c55a4d09bcf9c1fbd706a89779b67

SHA512
103cf7e608d2f2d1e6b2a0736b5955c6aff9ac3853ca62fa69f83e360f46540cc985462fb53cb52689aac6175a93ba610874adcef4af78a3444702b8f6eed8c1

Download Submit
memory/2692-0-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-1-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-3-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2692-7-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2692-9-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-10-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-11-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-15-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-21-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-25-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-24-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-26-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-27-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-34-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-35-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-36-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-43-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-46-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-45-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-44-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-42-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-41-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-40-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-39-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-38-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-37-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-33-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-32-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-31-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-30-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-29-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-28-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-23-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-22-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-20-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-19-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-18-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-17-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-49-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-55-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-61-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-64-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-65-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-63-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-62-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-60-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-59-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-58-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-57-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-56-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-53-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-54-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-52-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-51-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-205-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-50-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-48-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-47-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-16-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-14-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-13-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-12-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/2692-846-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/4088-427-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4088-619-0x0000000001F60000-0x000000000205E000-memory.dmp

Filesize
1016KB

Download
memory/4088-837-0x0000000001F60000-0x000000000205E000-memory.dmp

Filesize
1016KB

Download