202b45e1fbebb147bab50facb3dd6206a9d48da1a9165f1f13f91b0b4fa0243b

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2094125925eaa9718a3c23f8ba0f271f.exe
Size

1.1MB
MD5

2094125925eaa9718a3c23f8ba0f271f
SHA1

71bc9949be200624a76bbc3620b6223fb16c3c97
SHA256

202b45e1fbebb147bab50facb3dd6206a9d48da1a9165f1f13f91b0b4fa0243b
SHA512

21102248bfc6e799d397070531550caf033d0a49493efdeba351474d8e186e4151e63b9e21506b9c0c30f3478c21af46aeca59e7e66a5204c23d19ef2aaf5081
SSDEEP

24576:IWvknOMEfD4aBQDqIdPpFhSdTdUU7CiP//omcWOQJ:IUeOMmz1IZNSNdUU7M9E

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2588	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2200	2094125925eaa9718a3c23f8ba0f271f.exe
2588	Setup.exe
2588	Setup.exe
2588	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28
PID 2200 wrote to memory of 2588	2200	2094125925eaa9718a3c23f8ba0f271f.exe	28

C:\Users\Admin\AppData\Local\Temp\2094125925eaa9718a3c23f8ba0f271f.exe
"C:\Users\Admin\AppData\Local\Temp\2094125925eaa9718a3c23f8ba0f271f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
452KB

MD5
cd6fa1e3126535fb1465d4918aa63106

SHA1
e566bc090898d3ff954fae3328d2b8c16839f1db

SHA256
54fc72198e5d5ced6e571314b869c1cdba53d1e3e8d645db7bd09beb91aaa4c5

SHA512
428b554b336f6fc6a6ac5ced6e4376c1532ea027daffe74297ee694d325ca934f781ca297e42ecb6c25fee0623dce04b82e790449471807f6240563ce7e40251

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
456KB

MD5
a949b41bd67ab696ce0823ec705cfc14

SHA1
bce072ea903e350da61454d1fbfd82e60441c9a4

SHA256
f3099a5285a8851480c5af8f35b9660c59cd1593a187e88af490e1ad3d1a7ef1

SHA512
b9b4d94bc40d446dd2e43117287b144dd8b3c892b1e1a6a82bbc51476cab116932c366e2997b17018c9c38069b7561c72102f074c512300f66ead9de6aedbcb9

Download Submit
\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
604KB

MD5
ab16ae2a46c914042a512e3a7fb56eab

SHA1
45d3a73fa36f922f11a6a9122e9b32f9e7edc7b6

SHA256
ebac7e61f334df68e8ef92aa617c6e73f35aa5367a4e9172d7aa605bda2bd96a

SHA512
09f25ec90c7bf2b0597b50cc439368186867b4a05544cb4e095667bf92ccafa95b83367c3dc84aa74a595ff016d3cb30f2e9b09dc1ff2e88a1efb755377be30c

Download Submit
\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
334KB

MD5
ac72fb955a5189bf69a296373e76a9c8

SHA1
1eae39afd8b21cfd9ffe3ca128edbbbb0b757e08

SHA256
9b1d4cc53e8f1d19873f0e2de51f00d084f9115bb382b0c7f23ebe6e1fa487e3

SHA512
0bcbff74fc64030ba2c408508012619c6b26f53473fea44ee8e52803b3b38bf38d31941b7b6c4fcbb3169914886fd67026120ba41aade33d70a01a3597f9d913

Download Submit
\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
333KB

MD5
7493f0894502c2e5dbe24a0fc007f61f

SHA1
d16f32c6be5598c0691705240bda1afcd359f8ae

SHA256
8a361e6fab32a7a93fc77c403467cb11311f571c0a3dd9920a0eb6676ed340ff

SHA512
1f91f1e7ea5bf905ecd3b22f399b73c2c87a2ad56e1b568254e3d1592147e6142ee3b535d7f669e1a35267ff0204e62a37efc7609091b2cc0a1eabe91e3f2fdb

Download Submit
\Users\Admin\AppData\Local\Temp\a2syRBGl30\SW8flukj\Setup.exe

Filesize
245KB

MD5
32b792d1cd94285150ad158504303122

SHA1
9d623bcf78cf9ace65335685bb493b2ea1c3650e

SHA256
5a55b032616f89b243640c4b5d5a4eaba309ea2fb4068196fa611915316661f6

SHA512
6310baf35637f6bf5bf1bf942a5b5b6233d159b93d378de9c9542d8c6660b09bb40ed94c72f7b9693c2aaa92d3081e932dfd717a933964fdb4c0f0b221618cc8

Download Submit
memory/2200-30-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-44-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2200-7-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-12-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-13-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-14-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-16-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-17-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-19-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-18-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-20-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-15-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-21-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-23-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-25-0x0000000076F80000-0x0000000077090000-memory.dmp

Filesize
1.1MB

Download
memory/2200-24-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-22-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-26-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-11-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-27-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-10-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-9-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-28-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-29-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-32-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-33-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-34-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-31-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-35-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-1-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-36-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-37-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-45-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2200-41-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-38-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-43-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-46-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-48-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-51-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-54-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-56-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-59-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-60-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-61-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-64-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-66-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-65-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-63-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-62-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-58-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-57-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-55-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-53-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-52-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-50-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-49-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-0-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-47-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-42-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-40-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-39-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-203-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-623-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-854-0x0000000001C60000-0x0000000001D5E000-memory.dmp

Filesize
1016KB

Download
memory/2200-853-0x0000000076F80000-0x0000000077090000-memory.dmp

Filesize
1.1MB

Download
memory/2588-844-0x0000000001F30000-0x000000000202E000-memory.dmp

Filesize
1016KB

Download
memory/2588-625-0x0000000001F30000-0x000000000202E000-memory.dmp

Filesize
1016KB

Download