244d29ad168e7703fcd3b2d6af1f1a5ac16accc07e36b17a791d7ae5a5e3bf59

Analysis

max time kernel
14s
max time network
28s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

092a082610f2bde45706cdd9b2db8bbd.exe
Size

1.1MB
MD5

092a082610f2bde45706cdd9b2db8bbd
SHA1

b2a50d475144c4606cb20f3356aa3634b72fe1c4
SHA256

244d29ad168e7703fcd3b2d6af1f1a5ac16accc07e36b17a791d7ae5a5e3bf59
SHA512

38059a884d3c3d11074602783f246a3c17c4539ff9723c64f21124087f147b8c4ff1fb535012a11cd190831384f059b7273e6d76792af07f4c4c860f762e3442
SSDEEP

24576:eWvknOMEfd/Eo4q+KJ7BTHFIOy+JKSNNACTSfuOUfX4S+2+0a37+8:eUeOMmb4fKjrV1RThle2+087+8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2848	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2180	092a082610f2bde45706cdd9b2db8bbd.exe
2848	Setup.exe
2848	Setup.exe
2848	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28
PID 2180 wrote to memory of 2848	2180	092a082610f2bde45706cdd9b2db8bbd.exe	28

C:\Users\Admin\AppData\Local\Temp\092a082610f2bde45706cdd9b2db8bbd.exe
"C:\Users\Admin\AppData\Local\Temp\092a082610f2bde45706cdd9b2db8bbd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
146KB

MD5
5cd597b135514e96d6f7e50de50e257c

SHA1
7b1420b32e6a4f303927aa16ce53886f7e82ee67

SHA256
7eec3137c1dc2613d4a2d6e4c92bae6328d6b6f7407444597679fe06d1076e48

SHA512
f98061201777700e319614ab72387723eafa66706d82a36a5ce4f81298187ea63cc7b03aa97497cfad20b32df8004287bc80e4cb1c5c91b6c441569eefce039b

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
119KB

MD5
33eb65d9267e1ce695a927c81e89cf65

SHA1
2b3a2d339db0879cd71d561cb0fca10d33e7dbf7

SHA256
665b4b68d748dcfba7a36fd4c5b7a08492f989d25b1dffa8881fdf231d1aada4

SHA512
a60a146a9bceca4d13c1bda34e2c61ef164b88d01a6abeba11fde6bdfd4b65566dd707e06e60d5b4fa0ec069d84cccfa2f07180f778bc372a2f545461c673590

Download Submit
\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
136KB

MD5
bb5e7c42ace8cfd634740c93cf161040

SHA1
ef0f70e33471fe129ed8b89b17be0c21dbaa929e

SHA256
577c26c2f6d0c7e970e3544bdfd73f681ca353e2737fda02e7e5f29262b3ba17

SHA512
ffdc7b5258298565384ac35e4bbf1267632d5f367e30804a7707bb699d125071e6e0ac451fd8e30dac4c94e0c5ebf817baa7c8bafabe231b7ee656f8a0b06c70

Download Submit
\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
160KB

MD5
15055bec1f53051d1f76edaae7cb5de9

SHA1
912cf3b659e72b90a822346381560daf3b1774e7

SHA256
a9d5a286daef951a20af0cdc74455ed1fab68f84606f74dbbc8f820557477489

SHA512
966b129928e42029ef569fcbc4594ab8cecdad7818b32e490d50b8d38cc185f655ebb1c42c3d0988872f19c7e8ea4b25a8b9850d7f2352eb5c5b7d096080b952

Download Submit
\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
113KB

MD5
a5943b3519425772023c39b3b21ee82b

SHA1
07ecdaae48ae036cef1e85e853b45e2b73b7c657

SHA256
02becbb10e046067b0157a86d616060175c267ecfcb0613087e2ed4b29d12413

SHA512
2089cdc7d283f9f20bba7157ee327c4d36c62ddf27fc8a0c22202507abbbb960579b595e2ece1c8cf8fe01b1ff503d911afe341eb33487e68bbc49e76384c530

Download Submit
\Users\Admin\AppData\Local\Temp\a2frpEEd6L\TmaFh0ew\Setup.exe

Filesize
175KB

MD5
975073801a7d64eec7416a51c095344d

SHA1
f41301335596f3ccc4acd29c92b54a980c258a8a

SHA256
814005b97115fbd02bb993c1672eee61a0e93ded13844892dc0a61437af6a43b

SHA512
f7b945677e93b2924887b169b6777cb6e0881b5d04e46155af385d7da56a48f6bda221250bf0c924b8d302ff9ae2d411ddddedde8af4877933d6dd1145685704

Download Submit
memory/2180-52-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-21-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2180-11-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-10-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-13-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-12-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-14-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-15-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-16-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-19-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-20-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-18-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-54-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-17-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-9-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-7-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-22-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-25-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-29-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-31-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-33-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-32-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-34-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-48-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-40-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-42-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-45-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-50-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-51-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-1-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2180-49-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-56-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-2-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-37-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-47-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-46-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-44-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-43-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-55-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-53-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-57-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-41-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-58-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-39-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-59-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-38-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-36-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-60-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-35-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-30-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-28-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-61-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-62-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-64-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-66-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-65-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-63-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-0-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-27-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-26-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-24-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-23-0x0000000075460000-0x0000000075570000-memory.dmp

Filesize
1.1MB

Download
memory/2180-203-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2180-852-0x0000000075460000-0x0000000075570000-memory.dmp

Filesize
1.1MB

Download
memory/2180-853-0x0000000001D50000-0x0000000001E4E000-memory.dmp

Filesize
1016KB

Download
memory/2848-843-0x0000000000750000-0x000000000084E000-memory.dmp

Filesize
1016KB

Download
memory/2848-623-0x0000000000750000-0x000000000084E000-memory.dmp

Filesize
1016KB

Download