e5b7a735451941cf863e53125f4a15a16c2c8fa6957de2149f907a5ade18c590

Analysis

max time kernel
125s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0993c50e3881a03a22ca66e1adb18bcc.exe
Size

308KB
MD5

0993c50e3881a03a22ca66e1adb18bcc
SHA1

8ce908de9bf6b4277c1c5a475451624baf3f94d4
SHA256

e5b7a735451941cf863e53125f4a15a16c2c8fa6957de2149f907a5ade18c590
SHA512

2bd7e7941b9909f9ac620ca9bf82ad1b6736cc9567fe174c00d17ab5d75e8440cd34ecc20bdd7a7533155e69addddfe5ac88629f2a38a6aaa97fa7fd90fe978f
SSDEEP

6144:q8hg7V2//I/LOpqLV5HxY3R5n62+kxiO/b/jeg:qCkVg/I68V5HxY3b6V+iOHd

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\drivers\etc\service5.ini	0993c50e3881a03a22ca66e1adb18bcc.exe

Loads dropped DLL 3 IoCs

pid	Process
1516	0993c50e3881a03a22ca66e1adb18bcc.exe
1516	0993c50e3881a03a22ca66e1adb18bcc.exe
1516	0993c50e3881a03a22ca66e1adb18bcc.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	0993c50e3881a03a22ca66e1adb18bcc.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\temp.txt	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\RCX7A3F.tmp	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files\Windows NT\sms_log.txt	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.txt	0993c50e3881a03a22ca66e1adb18bcc.exe
File opened for modification	C:\Program Files\Windows NT\service6.ini	0993c50e3881a03a22ca66e1adb18bcc.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	0993c50e3881a03a22ca66e1adb18bcc.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1516	0993c50e3881a03a22ca66e1adb18bcc.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1516	0993c50e3881a03a22ca66e1adb18bcc.exe
1516	0993c50e3881a03a22ca66e1adb18bcc.exe
1516	0993c50e3881a03a22ca66e1adb18bcc.exe
1516	0993c50e3881a03a22ca66e1adb18bcc.exe

C:\Users\Admin\AppData\Local\Temp\0993c50e3881a03a22ca66e1adb18bcc.exe
"C:\Users\Admin\AppData\Local\Temp\0993c50e3881a03a22ca66e1adb18bcc.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft Office\Office14\RCX7A3F.tmp

Filesize
308KB

MD5
a22669260885a671365ad9c33d1e7a1e

SHA1
b1622a86fdaa88c91eea24badc6a2e3da0a58a6d

SHA256
c9320c5031ff6b3fc9beb755c76cf052807413a872ccddb498bde13013658dc8

SHA512
e368e28c7e77337bf7be01397c93ae16459c1d8e023de09859b8ddcdca133ac75a4c1bba69eab62910476288efc6d1b47e904ce4ffb4669fa1b0129a64f64b11

Download Submit
\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

Filesize
308KB

MD5
0993c50e3881a03a22ca66e1adb18bcc

SHA1
8ce908de9bf6b4277c1c5a475451624baf3f94d4

SHA256
e5b7a735451941cf863e53125f4a15a16c2c8fa6957de2149f907a5ade18c590

SHA512
2bd7e7941b9909f9ac620ca9bf82ad1b6736cc9567fe174c00d17ab5d75e8440cd34ecc20bdd7a7533155e69addddfe5ac88629f2a38a6aaa97fa7fd90fe978f

Download Submit
\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe

Filesize
89KB

MD5
901aa7a38ce13f14b6bbec38c0595698

SHA1
6abd81a46557f72680eb9e5fc74223b8c9c32088

SHA256
1e95f2048e2a1782807d52e9816ed267355718e24d01ff07ace73d965ede388a

SHA512
34bb4f656423021873363ec8dd1908fd1d01017e607ff8bc79fea3176ffb18f3281dcf21f7bedcd96c4ddbcff70bb2943435a18e31ddfb6f6c5bd226bf901672

Download Submit