f4a87b9f78f37b883b3f5febf56c02b1bf23378c67fcfacafe9dc92342915af9

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0856093c41eba261dbae2f992a5e9e6f.exe
Size

1.3MB
MD5

0856093c41eba261dbae2f992a5e9e6f
SHA1

bcf6ef164c451a8d96fcb0453c6bedf41895e344
SHA256

f4a87b9f78f37b883b3f5febf56c02b1bf23378c67fcfacafe9dc92342915af9
SHA512

98e2210fa282901e577e5bef1f43fc4e8ab65158175c18c65677d6a264bb12af3530c24ee193d7e50815f376157c7a23d672dc5cfec50d1bb4231a0fb7bb0c0e
SSDEEP

24576:E7BYGKYFwR0CpBcinCFzXx33OpfPFmcyou2c6udcKSnEp222222222222222222+:E7CRHpBcinC33+pfPFmc/c6z/nEp222h

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3984	4432	WerFault.exe	87

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\IESettingSync	0856093c41eba261dbae2f992a5e9e6f.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	0856093c41eba261dbae2f992a5e9e6f.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	0856093c41eba261dbae2f992a5e9e6f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	0856093c41eba261dbae2f992a5e9e6f.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4432	0856093c41eba261dbae2f992a5e9e6f.exe
4432	0856093c41eba261dbae2f992a5e9e6f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4432	0856093c41eba261dbae2f992a5e9e6f.exe
4432	0856093c41eba261dbae2f992a5e9e6f.exe

C:\Users\Admin\AppData\Local\Temp\0856093c41eba261dbae2f992a5e9e6f.exe
"C:\Users\Admin\AppData\Local\Temp\0856093c41eba261dbae2f992a5e9e6f.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 1956
  2⤵
  - Program crash
  PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4432 -ip 4432
1⤵
PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
11KB

MD5
3b4288f629b7b25a9083f4faa7623c69

SHA1
b9a63ca90447f9369437fccfdadf4226eea97cbc

SHA256
a569b1bcb71994e4bc21fd9b386ef3cbf4ffe4faf1f4fc033b91396f84954325

SHA512
ecf91e5b9bb49fabeb6f3691a5211406a07ee845dc17d9a51a1027e1dbf90fd99c925cc1a4699585370d704357ee07bc10b3e9fcb5485ba399ad9a71559facbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
202KB

MD5
a4fdd77e182bd2fabe300a47b5617a35

SHA1
e002b335c75b5edefcd251962f61f53a2ab8e0f2

SHA256
8b59592d67eadc703af6cdd5ba8d077f9f9485d01fb6405555614335f89be99b

SHA512
ddcccde1c129f8f71fb39685abc615c4202b8b3dfc12cedd7d9cca2f97b308fc14b64497826421fa9df3d1cf54bdae9c085051af0a8d393cd3d556a6578d4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
memory/4432-0-0x0000000000400000-0x0000000000552000-memory.dmp

Filesize
1.3MB

Download
memory/4432-1-0x0000000000B70000-0x0000000000B71000-memory.dmp

Filesize
4KB

Download