1517e0ecba95575dae915f7a85b8a64efe8ae7ab2ac481e6d553927c4b03fd1b

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

086430fdef371f827a2643b915807367.exe
Size

1.1MB
MD5

086430fdef371f827a2643b915807367
SHA1

3470f741f3aea81ad02c7aa47e4cbf9479e80bf2
SHA256

1517e0ecba95575dae915f7a85b8a64efe8ae7ab2ac481e6d553927c4b03fd1b
SHA512

963ed707128b00ced2d186895be362377a99d3396a770171b2e9a9055e3c2855cee5efc4678e856be121149e6ac9da8c802b1075408cf8708eb23583feb8bf02
SSDEEP

24576:jWvknOMEf4YM1MiZjnsZF3jO8xivaaDwvxHnPxAi9k7t0pRiEgCmR:jUeOMmNYsZJ6H5AvitSiEgCmR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5048	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 532 wrote to memory of 5048	532	086430fdef371f827a2643b915807367.exe	91
PID 532 wrote to memory of 5048	532	086430fdef371f827a2643b915807367.exe	91
PID 532 wrote to memory of 5048	532	086430fdef371f827a2643b915807367.exe	91

C:\Users\Admin\AppData\Local\Temp\086430fdef371f827a2643b915807367.exe
"C:\Users\Admin\AppData\Local\Temp\086430fdef371f827a2643b915807367.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:532
- C:\Users\Admin\AppData\Local\Temp\a2Mb5HTTmm\VTc2qqrb\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2Mb5HTTmm\VTc2qqrb\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2Mb5HTTmm\VTc2qqrb\Setup.exe

Filesize
72KB

MD5
54c64f2f5e35bcb5f95583ee14388bd7

SHA1
a136d378794c61917d5d289e443f96b96b6fb7fc

SHA256
5c5e05430acc6ddfa390ef5887ce1b2977811b557ed09af7bb546049cefd5f0b

SHA512
74100616fca6fb6b90d3567b3be56500de016a0a9d3123a63b92f9b64a84799b31ef19be63fe00e643211626c91cdb7c0f1b2944939fac1846b1f5f874155323

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2Mb5HTTmm\VTc2qqrb\Setup.exe

Filesize
52KB

MD5
2d336bfbe3f9a37c97c4d6e60aebe0b0

SHA1
fd487fc8d5a4f19667fd3a197fa69405c58f19fd

SHA256
a1394e0b167e1a08fd5abc4eb3f161d16bbf7fdc7c5354be72a51e4cbb65eb37

SHA512
0735be0cad2905dbb6ab7a7077ba96da450b7d8022ddc0625299496413e08a4bfda3f070904251004635169178ebd6894e196a4fec5f52e1cf9b8ee9b0025b09

Download Submit
memory/532-0-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/532-1-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-9-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/532-8-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-10-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-12-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-16-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-18-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-25-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-30-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-32-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-33-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-36-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-37-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-38-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-39-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-35-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-34-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-40-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-43-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-44-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-42-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-41-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-31-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-29-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-28-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-27-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-26-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-46-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-50-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-54-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-57-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-56-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-58-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-60-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-59-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-55-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-53-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-52-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-51-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-49-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-61-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-65-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-64-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-63-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-62-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-47-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-48-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-45-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-24-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-23-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-21-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-22-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-20-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-19-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-17-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-15-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-14-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-13-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-11-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-7-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-203-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/532-846-0x00000000021B0000-0x00000000022AE000-memory.dmp

Filesize
1016KB

Download
memory/5048-424-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/5048-618-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download
memory/5048-837-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download