56ef58e4c7f75d4a1edabfbd55ba8c75286b29b542090f170324ef37cc76b9de

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07a415abbf1b173fe30680dd27c366ef.exe
Size

3.3MB
MD5

07a415abbf1b173fe30680dd27c366ef
SHA1

7fc8fbbcee9a301f96a5a0d56659eff01b90c655
SHA256

56ef58e4c7f75d4a1edabfbd55ba8c75286b29b542090f170324ef37cc76b9de
SHA512

220c8647441701c5c02cfa3f2b58c00c9ea77059d06e0696733e7b8a4cea4f0d51025ce3d5bd7114f2083f45d20277ab472a7745f01741e3a59241d28150fc42
SSDEEP

49152:NGPQ91PV3rFFjeeJ6j8Dwq81KDE33xxNpb/Nd5tCQ5UhQEhpd8pEOoLxvonbaUb6:NSEF1Z0h3x5nCd+AqbtbaUui3ppH8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2316	07a415abbf1b173fe30680dd27c366ef.exe
2316	07a415abbf1b173fe30680dd27c366ef.exe
2316	07a415abbf1b173fe30680dd27c366ef.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	07a415abbf1b173fe30680dd27c366ef.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2316	07a415abbf1b173fe30680dd27c366ef.exe
2316	07a415abbf1b173fe30680dd27c366ef.exe

C:\Users\Admin\AppData\Local\Temp\07a415abbf1b173fe30680dd27c366ef.exe
"C:\Users\Admin\AppData\Local\Temp\07a415abbf1b173fe30680dd27c366ef.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst1383.tmp\tools.dll

Filesize
59KB

MD5
3ad9ab89363e1b63094be1ad21ed7674

SHA1
a49e6f7e492d93db10d578f7b67e025eed0e5daa

SHA256
4242e9f163d8d9bae8a82eee6de3e69257d478dcf827775dcd620663b9d0df16

SHA512
928b49cb369a76c539acd7d1815f9e35c9405e24b2001f544a419742fb46a00a86af848c419a13d4bf9c7e15fe47619645e2762d5dc27d6f268a12559b795bc7

Download Submit
\Users\Admin\AppData\Local\Temp\nst1383.tmp\tools.dll

Filesize
118KB

MD5
8a78b9004786789c868865b15e09fa80

SHA1
cf581d9808212eafc031bc0e2e809e63d3acaea1

SHA256
6744acb0c7b3ddf38d711082f561a9885af230cea15a9b70bc9c7e0775994477

SHA512
57e177770b4717b40e224f634d10fc252fb92f0cb3da1dc75be85a4ab4fac2713e013c1cf33e953d74dfc0c3ff6e2854093abfeab409094d157bf833d66f0243

Download Submit
\Users\Admin\AppData\Local\Temp\nst1383.tmp\tools.dll

Filesize
27KB

MD5
f3bb18c53596694b4b8387b265d1da51

SHA1
b8a769c6d97f99e8a30453df46d958015fd11be7

SHA256
0957fea90c1c88752f4c74053d27227041b20707f5c5ca1af31bfde835e1fb5f

SHA512
aeaa450e8bbc03306ac708e34f7c46370f31e0f1547029d11adfbaea301c58a2a4966160389fe7c73ea96a6531c0a18bbf67c66f0f6c74c9cc7398648bbf33f4

Download Submit
\Users\Admin\AppData\Local\Temp\nst1383.tmp\tools.dll

Filesize
5KB

MD5
4c322e450992aee04e0a9808dceed89e

SHA1
628ef667ed69305e260f3a099bb74bf328641d96

SHA256
23b889de06433cbfcbaee64b1fd6cc5c74dfa602e35d6b5ae53e511019801f95

SHA512
00cac775ff1b0d610e8ce5b8f4f219d407cb82a0354d4cd8df9dcde903d33d10c12926e9207511ded3be1a2e5545e153f4b858a238f169b05e59b921a8c3ccbc

Download Submit
memory/2316-25-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download
memory/2316-24-0x0000000003810000-0x0000000003850000-memory.dmp

Filesize
256KB

Download
memory/2316-19-0x0000000003810000-0x0000000003850000-memory.dmp

Filesize
256KB

Download
memory/2316-27-0x0000000003810000-0x0000000003850000-memory.dmp

Filesize
256KB

Download
memory/2316-26-0x0000000003810000-0x0000000003850000-memory.dmp

Filesize
256KB

Download
memory/2316-23-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download
memory/2316-31-0x0000000006260000-0x0000000006360000-memory.dmp

Filesize
1024KB

Download
memory/2316-30-0x0000000006260000-0x0000000006360000-memory.dmp

Filesize
1024KB

Download
memory/2316-38-0x0000000074030000-0x00000000745DB000-memory.dmp

Filesize
5.7MB

Download
memory/2316-39-0x0000000003810000-0x0000000003850000-memory.dmp

Filesize
256KB

Download
memory/2316-40-0x0000000006260000-0x0000000006360000-memory.dmp

Filesize
1024KB

Download