b59e1c653ceeee1f225dedcce24aaa2ea47ccef0b5dba3b2355d9ab49352909f

General

Target

09380b1792af2b701cc3ebaf8cf60949.exe
Size

5.8MB
MD5

09380b1792af2b701cc3ebaf8cf60949
SHA1

c61c29386b864495813ea378265107f6a819c16e
SHA256

b59e1c653ceeee1f225dedcce24aaa2ea47ccef0b5dba3b2355d9ab49352909f
SHA512

9d23343b69762ceb7f4a39376531ae7775ec3d8e479717650356d7ac45fa119bd261205a7311ce3c25f61566f390508fb0768c1ed8beb08deebf5fe3e213ab77
SSDEEP

49152:bzeo6U+YJJbce5QSb0wtxmH7aCDoD1rTrWvKYgbsT4AvCB7Jcyq/FBGS26iK+V5U:bzeoDRJ/WoD1rH1/nlpsuaZXK63

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1352 set thread context of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	09380b1792af2b701cc3ebaf8cf60949.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2056	09380b1792af2b701cc3ebaf8cf60949.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2056	09380b1792af2b701cc3ebaf8cf60949.exe
2056	09380b1792af2b701cc3ebaf8cf60949.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28
PID 1352 wrote to memory of 2056	1352	09380b1792af2b701cc3ebaf8cf60949.exe	28

C:\Users\Admin\AppData\Local\Temp\09380b1792af2b701cc3ebaf8cf60949.exe
"C:\Users\Admin\AppData\Local\Temp\09380b1792af2b701cc3ebaf8cf60949.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\09380b1792af2b701cc3ebaf8cf60949.exe
  "C:\Users\Admin\AppData\Local\Temp\09380b1792af2b701cc3ebaf8cf60949.exe" ""
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1352-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1352-26-0x0000000000400000-0x00000000009CC000-memory.dmp

Filesize
5.8MB

Download
memory/2056-25-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-35-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2056-7-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-9-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-11-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-13-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-15-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-17-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-22-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-21-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-19-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2056-24-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-5-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-3-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-31-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-1-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-29-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2056-30-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-28-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-32-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-33-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-34-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-27-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-36-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-37-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download
memory/2056-54-0x0000000000400000-0x0000000000885000-memory.dmp

Filesize
4.5MB

Download

Analysis

Sharing