22a888abc610e20f5cc9c938846b14c74aeb331ed560fe50cf7352529f4fbb70

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0251bbb908bcefd50badfa5d8477eddd.exe
Size

1.1MB
MD5

0251bbb908bcefd50badfa5d8477eddd
SHA1

9182d009557f01db617a6ca2a5ad3f4a6e84dca7
SHA256

22a888abc610e20f5cc9c938846b14c74aeb331ed560fe50cf7352529f4fbb70
SHA512

94d51ae20b8ea92f19722bb72dbad8cf4f409cacddeb5db8934d30954d99e8f63b70ceb8cbe4e5eb52992b53df57e5ade162b11d306e9b77aecd93e48190e684
SSDEEP

24576:GWvknOMEfwE1xSWFrRjyMXoWp9yrWkq2sQJXzp8XKg/GOTqRy+r:GUeOMm9x7dRL4O05JX8K7OORy+r

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
660	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4180 wrote to memory of 660	4180	0251bbb908bcefd50badfa5d8477eddd.exe	91
PID 4180 wrote to memory of 660	4180	0251bbb908bcefd50badfa5d8477eddd.exe	91
PID 4180 wrote to memory of 660	4180	0251bbb908bcefd50badfa5d8477eddd.exe	91

C:\Users\Admin\AppData\Local\Temp\0251bbb908bcefd50badfa5d8477eddd.exe
"C:\Users\Admin\AppData\Local\Temp\0251bbb908bcefd50badfa5d8477eddd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4180
- C:\Users\Admin\AppData\Local\Temp\a27MUjG6wv\JtNr8GSz\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a27MUjG6wv\JtNr8GSz\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a27MUjG6wv\JtNr8GSz\Setup.exe

Filesize
204KB

MD5
afe600f66c7ecfb6bc01170fbc7fcba8

SHA1
006b5af1518b1b8dae8eacdf19e30f9feb332063

SHA256
8a48d3a75b4f31fe37fb9460473260be23bee3d1bb3e8c654b2d1aebb03f39d1

SHA512
939d71b43124daf01c4271afab7bf8c04712f54263053fb7bdab304daf3c16cb8c3f02e2f1c3a2e664ad1150f3fde347e2a7fe66f46b58cf5de5ee2012b402de

Download Submit
C:\Users\Admin\AppData\Local\Temp\a27MUjG6wv\JtNr8GSz\Setup.exe

Filesize
153KB

MD5
c74284f6af7b629d6bd408d9ee23a26a

SHA1
69ac2811e9a43272513eb8cf91e33835151d144e

SHA256
753f32f6062341fc9066221fb3956da0825e82b7a7130fbefb3db8b27e71f205

SHA512
b2e99472fa7479e81d0cb9e0a8a6c974da9abb3b3852aa2aa42bb533e2cf983b5ec3da0af448ce2f384d8b23f270452a3660fd634e4125fb0c6a7ed4dfae5c78

Download Submit
memory/660-424-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/660-619-0x0000000000820000-0x000000000091E000-memory.dmp

Filesize
1016KB

Download
memory/660-838-0x0000000000820000-0x000000000091E000-memory.dmp

Filesize
1016KB

Download
memory/4180-33-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-29-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4180-8-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-10-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4180-11-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-9-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-13-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-12-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-16-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-17-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-18-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-19-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-15-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-14-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-7-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-20-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-21-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-23-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-28-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-35-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-36-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-42-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-41-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-40-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-39-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-38-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-37-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-34-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-0-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-32-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-31-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-1-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-26-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-30-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-27-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-25-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-24-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-22-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-43-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-44-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-45-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-46-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-52-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-58-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-61-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-64-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-63-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-65-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-62-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-59-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-60-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-57-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-56-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-55-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-54-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-53-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-51-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-50-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-49-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-48-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-47-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-204-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-829-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download
memory/4180-847-0x0000000002240000-0x000000000233E000-memory.dmp

Filesize
1016KB

Download