664c22959e545e05ca6ca1a1012881a731015894be9c89c00118208379174765

General

Target

1244a7fe9f2bd24290ed00e7c2fd039c.exe
Size

6.4MB
MD5

1244a7fe9f2bd24290ed00e7c2fd039c
SHA1

7c8025a218937c70897d14f182de1324fccb9049
SHA256

664c22959e545e05ca6ca1a1012881a731015894be9c89c00118208379174765
SHA512

32d17f4acdf22df347773dc16b284d8f9d70dcbb1df3ad306e4b1dba23015118a0de49227fdcff2be159ba9f12ee2ebcb7ba4177c2e52b1eacb1c2cd390b6a1e
SSDEEP

196608:/DXJryvp10aEvcRVcdaNaqH+ex+PdQ3iVci1zwXAk:/rNyb1fcsNaqN+PZfNwwk

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2484	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	1244a7fe9f2bd24290ed00e7c2fd039c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2484	1244a7fe9f2bd24290ed00e7c2fd039c.exe
2484	1244a7fe9f2bd24290ed00e7c2fd039c.exe

C:\Users\Admin\AppData\Local\Temp\1244a7fe9f2bd24290ed00e7c2fd039c.exe
"C:\Users\Admin\AppData\Local\Temp\1244a7fe9f2bd24290ed00e7c2fd039c.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\images\bg-1.png

Filesize
41KB

MD5
6827046a979c04d94751c803af783535

SHA1
6ef6c4b4254c9a11b772f101c62eaf4b394f8b38

SHA256
28d8ff55256e3d48ba7ec89eb5aa89d72ef2cfbc6ee5b4497cf52fae9f4887a3

SHA512
28934247436cfdd436f62682a2817039ac7e4fed920b3d4d55690c163068a3447c88db8afaa3a3701fa7689b938cff35da8571e8f93215a1280bd33e8c5b2220

Download Submit
C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\page.html

Filesize
2KB

MD5
11c92dee6ee98a81980f6af71fb4ab33

SHA1
1e0902d94836b00de4c464c48cfd2490bcbaa7fa

SHA256
5feaa2e80be13ed7f053f0837e970f85b08398e877e8dd8733acd965a5991a4b

SHA512
0afaa0c0ca2876958add84fa4c845e0fcb8ac67fab99bda0d96745ab8b54272f08d58179238e9f6765c2edd42a22d3c1250d1ba406372e8e78b3bd7350bc3ad5

Download Submit
C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\page4.html

Filesize
2KB

MD5
ae6775109e86d7a90552ae9897d9e238

SHA1
6f87a00f82f206ac741c234cf3e551757ae88ec5

SHA256
019c5754b3e8a9aea7163f27b661fada55e93b2ecd1e3d5460b8c6466462696d

SHA512
318506d90447b9dd76c5bc42a23b489671d83f0f0f759f4e30902e6375bbdb23a726ebba5362e6ce536579a63612d88ec42ac7b8a222ea8cc4dfaad319ced241

Download Submit
C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\page44.html

Filesize
2KB

MD5
b830b0d504e67ade99d97a097fa8dac9

SHA1
c1832a0af7bb4a8c61a10a46b0b02f55aca5f399

SHA256
9b9430f6855bedffe20ae65573aaa8d87cc017266353bfd813740885ebeaccd2

SHA512
fdacb86b4cce235b2facc699cb257211773aacd96cb6805e026c9e6da9e79e0bbc5ff2e8bc55160b2b355dffefc6f1dcb6541708c87cc46a81d0a1f01db13f51

Download Submit
C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\page45.html

Filesize
2KB

MD5
95d639db5201007754b6debcb39aa45d

SHA1
a08876c698ba17935021fe927398689e609972d1

SHA256
37b8148067cbfc40544d2e6b9909fd13e979c2eb305ee8de2ba2a5d782bf79dc

SHA512
124f98a72ec6d742fad9a6bd265e79bfa6a2fc83382e1e8cf577b5d70eea0ec0d6ed851d5b5a4b955bb8a7908351c7c9026c081109464c61d40d8a46f1cf992f

Download Submit
C:\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\html\page46.html

Filesize
2KB

MD5
4abb7a604419a117bf4d99ca44fa3a48

SHA1
287036f9b429416bc6c95556a0bacdc41ebf5e72

SHA256
23468aeedd86bba81dc63230edcd20e29796ce48b40a920cdfc78dc8ef47e6fc

SHA512
dbd42df706fd94d5e350af837758d010271941faf59dda7f7597f1a705764d31fba1b0a2b8e7122dff9ad23ca6398c642bb933ad01bd27f939f0486b06bcf9cc

Download Submit
\Users\Admin\AppData\Local\Temp\fs4md25h.0nj\7z.dll

Filesize
173KB

MD5
766f6b27e39210848f550cfed8e8bc95

SHA1
855d9d1d73cff5af7268d6f1b4a023aeb9d060ff

SHA256
08d0a8eb959d78a345f5e4e43794befa5318e3276d1af45e560024f13991d015

SHA512
92cd79e6724a449347e2fdb1850ca6d3330aa1f7f1a3cf1dab84aa551cd27a566b8df6356cbe97c5132d76a522329ac1bdf4a220cc1ea030d9e3419186fb7969

Download Submit
memory/2484-25-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-161-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-12-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-158-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-159-0x0000000005A50000-0x0000000005B50000-memory.dmp

Filesize
1024KB

Download
memory/2484-157-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-160-0x00000000749B0000-0x0000000074F5B000-memory.dmp

Filesize
5.7MB

Download
memory/2484-0-0x00000000749B0000-0x0000000074F5B000-memory.dmp

Filesize
5.7MB

Download
memory/2484-162-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-163-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-165-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-164-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-2-0x0000000002210000-0x0000000002250000-memory.dmp

Filesize
256KB

Download
memory/2484-1-0x00000000749B0000-0x0000000074F5B000-memory.dmp

Filesize
5.7MB

Download
memory/2484-186-0x0000000005A50000-0x0000000005B50000-memory.dmp

Filesize
1024KB

Download

Analysis

Sharing