105ba4555a8487d29f4f5721a1909beee5b428f55cf674c11bb2a5699272de1c

Analysis

max time kernel
7s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11a644d50aa17248815b0a72f10735ac.exe
Size

1.1MB
MD5

11a644d50aa17248815b0a72f10735ac
SHA1

841230968f8617219fcf55797dea8bbaae3070e0
SHA256

105ba4555a8487d29f4f5721a1909beee5b428f55cf674c11bb2a5699272de1c
SHA512

9564186935f7aae89bdddc9e2668e87f79802d19dbb3aa6496dccac54c7815f2d67621a3a3daaaaae1f6384fe4ef6f2d52bec24e4ebabea173f94d85687e3186
SSDEEP

24576:aWvknOMEfVcPqdU//xbdv/bfuQ9sJqy7V/+RJ2xID:aUeOMmBsxbdzsJqy7V+RcxID

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2512	11a644d50aa17248815b0a72f10735ac.exe
3060	Setup.exe
3060	Setup.exe
3060	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15
PID 2512 wrote to memory of 3060	2512	11a644d50aa17248815b0a72f10735ac.exe	15

C:\Users\Admin\AppData\Local\Temp\a2nvUxN1r5\ymCxWNnx\Setup.exe
C:\Users\Admin\AppData\Local\Temp\a2nvUxN1r5\ymCxWNnx\Setup.exe --relaunch
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
PID:3060

C:\Users\Admin\AppData\Local\Temp\11a644d50aa17248815b0a72f10735ac.exe
"C:\Users\Admin\AppData\Local\Temp\11a644d50aa17248815b0a72f10735ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2512-7-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-9-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2512-8-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-18-0x00000000758B0000-0x00000000759C0000-memory.dmp

Filesize
1.1MB

Download
memory/2512-28-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-40-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-57-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-66-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-65-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-64-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-63-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-62-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-61-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-60-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-59-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-203-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-58-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-56-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-55-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-54-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-53-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-52-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-51-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-50-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-48-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-49-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-47-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-46-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-45-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-44-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-43-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-42-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-41-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-39-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-38-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-37-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-36-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-35-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-34-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-33-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-32-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-31-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-30-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-29-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-27-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-26-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-25-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-24-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-23-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-22-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-21-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-20-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-19-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-16-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-17-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-15-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-14-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-13-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-12-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-11-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-10-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-1-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-0-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-853-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2512-852-0x00000000758B0000-0x00000000759C0000-memory.dmp

Filesize
1.1MB

Download
memory/3060-625-0x0000000000740000-0x000000000083E000-memory.dmp

Filesize
1016KB

Download
memory/3060-843-0x0000000000740000-0x000000000083E000-memory.dmp

Filesize
1016KB

Download