1517e0ecba95575dae915f7a85b8a64efe8ae7ab2ac481e6d553927c4b03fd1b

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

086430fdef371f827a2643b915807367.exe
Size

1.1MB
MD5

086430fdef371f827a2643b915807367
SHA1

3470f741f3aea81ad02c7aa47e4cbf9479e80bf2
SHA256

1517e0ecba95575dae915f7a85b8a64efe8ae7ab2ac481e6d553927c4b03fd1b
SHA512

963ed707128b00ced2d186895be362377a99d3396a770171b2e9a9055e3c2855cee5efc4678e856be121149e6ac9da8c802b1075408cf8708eb23583feb8bf02
SSDEEP

24576:jWvknOMEf4YM1MiZjnsZF3jO8xivaaDwvxHnPxAi9k7t0pRiEgCmR:jUeOMmNYsZJ6H5AvitSiEgCmR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2624	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2888	086430fdef371f827a2643b915807367.exe
2624	Setup.exe
2624	Setup.exe
2624	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28
PID 2888 wrote to memory of 2624	2888	086430fdef371f827a2643b915807367.exe	28

C:\Users\Admin\AppData\Local\Temp\086430fdef371f827a2643b915807367.exe
"C:\Users\Admin\AppData\Local\Temp\086430fdef371f827a2643b915807367.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
47KB

MD5
7edfd543198697ced527d2903302c3e9

SHA1
c4c3c98c24e75a39be78e5300a8e6b745763c0e9

SHA256
19b1b528443ec0ff7c177e827f737aa4a03c03f4b7183302331de07e7d3ab010

SHA512
067467a31b2230c4248f206f268e6d35fee0e2d9c2cf735e1a198b8ad637003df7ca263b46328221aedcbdaaac73fe197a844d9dfa70d28c7a7953d76a9d5d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
51KB

MD5
e9380016447594a9d28d18133dc482a8

SHA1
7c400c0c922658e37d44ece69ff9d7dbcf3b599c

SHA256
5fc57d9ee51c3a8b015aff25bd38890fe42902a0c5b88b3a07f3e7d33a9d6620

SHA512
0f068143678f5270361fb3858996479949fbdad82ff59df93b8547942768b8206b96be2cd681830c447dbdde8aef1a6f301ac4559c75d47878a360412a42f475

Download Submit
\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
38KB

MD5
3e31e0b02000bae455bacaca42190f8e

SHA1
2a405528eb39ddcdbc9b8febb0aba65762fa0065

SHA256
6b616cf907c0edfffb7693994e03003e29bf23acd349e80a151c032764c0d0d6

SHA512
d67ebf1bef378418ecf7aef926d21388d5d09a6fb1f2e4d1433b55c9d802840e232e9ff7a11cc3191188846fb9da1f7fb730e9a971f115e62e4719d255a3931b

Download Submit
\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
66KB

MD5
e247700dafca1117c777216877da280b

SHA1
7cce61c695a380ba994bbf817a96573cb55444bf

SHA256
03cb7aa6e47bccb6b21bdcb4c12532b31ce929b2e5b1bab57637b79f0f458254

SHA512
2701bb39ed5c19a8b97415544c90154bc735d1456c6a6a5303e46c398d9b551728dbfefdb72ee520b5ed99440d29437a2a178a1c71c2ae0708ca66b163e050f3

Download Submit
\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
55KB

MD5
336ec03f049099ada55e0a788cf9b9aa

SHA1
7b04583cfe2e4dd253868344601d1355a599fc70

SHA256
adc7afd6f55a7b00d37c78bc1065d9d9d6c8864b5c254bc13ba949b1e8b72349

SHA512
8cff77565740bea1c4b4f811d208b47105fcd6cdf1a881eba9ed77f98e8faeb9b0f1adf8fadf4b6e89d53ee21f9e37e70144146f5f9d1a556ba6c8d2afdea1df

Download Submit
\Users\Admin\AppData\Local\Temp\a2PAGSBFiK\iSIuVvG1\Setup.exe

Filesize
63KB

MD5
71d2a170684ce3cb088e8db78cee80f5

SHA1
10b4ae1404c3c84620bbe7ddc824737c59752c61

SHA256
08f6a86ca57dad54c8c45b25ca290a76f169557b7bf817fbec3e40bda41d9bfa

SHA512
c17ad08ae83acec1329b5736c818a8fb756f6e79a5dd6412edeaf0823ba4ac868e70be2cb984772cccd809ca8affcb6c13bb9ffbf77ab49f875c2403e8bdbc13

Download Submit
memory/2624-843-0x0000000000950000-0x0000000000A4E000-memory.dmp

Filesize
1016KB

Download
memory/2624-625-0x0000000000950000-0x0000000000A4E000-memory.dmp

Filesize
1016KB

Download
memory/2888-62-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-35-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-37-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-46-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-52-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-58-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-61-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-65-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-64-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-63-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-0-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-60-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-91-0x0000000075540000-0x0000000075650000-memory.dmp

Filesize
1.1MB

Download
memory/2888-59-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-57-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-56-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-55-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-54-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-53-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-51-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-50-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-49-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-48-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-47-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-45-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-44-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-43-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-203-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-42-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-40-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-39-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-38-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-41-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-34-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-27-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-33-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-32-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-31-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-30-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-29-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-28-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-36-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-25-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-26-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-21-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-17-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-13-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-10-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2888-8-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-24-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-23-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-22-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-20-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-19-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-18-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-16-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-15-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-14-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-12-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-11-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-9-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-2-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-7-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2888-853-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2888-852-0x0000000075540000-0x0000000075650000-memory.dmp

Filesize
1.1MB

Download