244d29ad168e7703fcd3b2d6af1f1a5ac16accc07e36b17a791d7ae5a5e3bf59

Analysis

max time kernel
97s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

092a082610f2bde45706cdd9b2db8bbd.exe
Size

1.1MB
MD5

092a082610f2bde45706cdd9b2db8bbd
SHA1

b2a50d475144c4606cb20f3356aa3634b72fe1c4
SHA256

244d29ad168e7703fcd3b2d6af1f1a5ac16accc07e36b17a791d7ae5a5e3bf59
SHA512

38059a884d3c3d11074602783f246a3c17c4539ff9723c64f21124087f147b8c4ff1fb535012a11cd190831384f059b7273e6d76792af07f4c4c860f762e3442
SSDEEP

24576:eWvknOMEfd/Eo4q+KJ7BTHFIOy+JKSNNACTSfuOUfX4S+2+0a37+8:eUeOMmb4fKjrV1RThle2+087+8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4812	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4812	4148	092a082610f2bde45706cdd9b2db8bbd.exe	90
PID 4148 wrote to memory of 4812	4148	092a082610f2bde45706cdd9b2db8bbd.exe	90
PID 4148 wrote to memory of 4812	4148	092a082610f2bde45706cdd9b2db8bbd.exe	90

C:\Users\Admin\AppData\Local\Temp\092a082610f2bde45706cdd9b2db8bbd.exe
"C:\Users\Admin\AppData\Local\Temp\092a082610f2bde45706cdd9b2db8bbd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Users\Admin\AppData\Local\Temp\a2rAvre35f\ccxKvgri\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2rAvre35f\ccxKvgri\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2rAvre35f\ccxKvgri\Setup.exe

Filesize
51KB

MD5
b09c3f36e84e22296b738388967b9ff4

SHA1
411381c3a9794def9471cf6d02b21d30721dc562

SHA256
78cdb30d42c15dbfeb6b38e662b50fcfa20956d84f63484cb286f0ff7170c5e4

SHA512
002081918da3d7b6ff8ab84d2651169138355d520695b47991fa450e422b2c1deaac51b2c58dc9a538392735b2d07c12760c38af7e372283a3e5e59d84bfaae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2rAvre35f\ccxKvgri\Setup.exe

Filesize
73KB

MD5
012dec196d0f7bdd4d9c90b577978413

SHA1
e34ffbf4e82015627a1266d30a9e3cb715d0acdc

SHA256
a1d37bba8cb7ff48b7ade17f2121bfcc2e07e5c087773a6f1909480d20fe5dc3

SHA512
26a36d54273255b77ea4bd8a8ac9f50f165449d9f638fc32e03a8fbd6a296d214bbb0a96011e8408c4966c7779ef51111b8ed4e36b03cb4f22fc93b40cd63c85

Download Submit
memory/4148-0-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-1-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-8-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-7-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-11-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4148-10-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-16-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-18-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-19-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-17-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-15-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-14-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-13-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-12-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-9-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-20-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-21-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-22-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4148-26-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-30-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-32-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-40-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-47-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-52-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-55-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-56-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-62-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-61-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-63-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-65-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-64-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-60-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-59-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-58-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-57-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-53-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-54-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-51-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-50-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-49-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-48-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-46-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-45-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-44-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-43-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-42-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-41-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-39-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-38-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-36-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-37-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-35-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-34-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-33-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-31-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-29-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-28-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-27-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-25-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-202-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-24-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-23-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4148-846-0x0000000002170000-0x000000000226E000-memory.dmp

Filesize
1016KB

Download
memory/4812-424-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4812-618-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download
memory/4812-837-0x0000000002140000-0x000000000223E000-memory.dmp

Filesize
1016KB

Download