c2612291a5a93b703e8699e1a1270d8c58086251cc35858d61b92c6235f55924

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ad356f36e9320463518e4255e6b61c5.exe
Size

20KB
MD5

0ad356f36e9320463518e4255e6b61c5
SHA1

f8d74cb6d0f0d0142cd4ddb8334bc114df5c7ba3
SHA256

c2612291a5a93b703e8699e1a1270d8c58086251cc35858d61b92c6235f55924
SHA512

8e30adbc681f1663c283f8cb5090a09b654cea7f9a32100f7d6352ad81a2ff3252e40dea3640f18d3d60a6b11688c4948f73ce84fc31288aebbf8a77061c3d4f
SSDEEP

96:e60N/6/lIbWhTDs1IMYlf2mf4A7wV+7EXE6od7Ts7ILAXrWyh/lIbWhTDs18I:gx6/lIa32XA7wVwkgisA7Wyh/lIB

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	0ad356f36e9320463518e4255e6b61c5.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1644	0ad356f36e9320463518e4255e6b61c5.exe
1644	0ad356f36e9320463518e4255e6b61c5.exe
1644	0ad356f36e9320463518e4255e6b61c5.exe

C:\Users\Admin\AppData\Local\Temp\0ad356f36e9320463518e4255e6b61c5.exe
"C:\Users\Admin\AppData\Local\Temp\0ad356f36e9320463518e4255e6b61c5.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-10-0x0000000005480000-0x00000000057C7000-memory.dmp

Filesize
3.3MB

Download
memory/1644-11-0x00000000057D0000-0x0000000005905000-memory.dmp

Filesize
1.2MB

Download