224549013aee4fc5c7d8d2c1aa25bc878dbe538b20f799f47246796b2f468af7

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09224c6cfb4597de0ebb0ee555c61083.exe
Size

1.1MB
MD5

09224c6cfb4597de0ebb0ee555c61083
SHA1

3178767aaabe7f32508ca5d7b10229f62e51d2b4
SHA256

224549013aee4fc5c7d8d2c1aa25bc878dbe538b20f799f47246796b2f468af7
SHA512

41da3d71f781e6bb1caf53a11d6dbb62564369f83e03b7af0134465b639452534cd0f38ca141bee556dd3d77d2e1d7aa379bd12dda4ea2d0f509eed1ea9f9df4
SSDEEP

24576:6WvknOMEf5Aquj8w/tGerLUZcjUdqh1on5K7YMcDMeHxZCg+k:6UeOMmuhlgeUyY5VMcDtcg+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3048	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2088	09224c6cfb4597de0ebb0ee555c61083.exe
3048	Setup.exe
3048	Setup.exe
3048	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27
PID 2088 wrote to memory of 3048	2088	09224c6cfb4597de0ebb0ee555c61083.exe	27

C:\Users\Admin\AppData\Local\Temp\09224c6cfb4597de0ebb0ee555c61083.exe
"C:\Users\Admin\AppData\Local\Temp\09224c6cfb4597de0ebb0ee555c61083.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\a2te2QogqH\gocdVwsQ\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2te2QogqH\gocdVwsQ\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2088-0-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-1-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-3-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2088-7-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-10-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-11-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-12-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-9-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-16-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-20-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-25-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-24-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-31-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-35-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-40-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-50-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-59-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-63-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-66-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-65-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-64-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-62-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-61-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-60-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-58-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-57-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-56-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-55-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-54-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-53-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-52-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-51-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-49-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-205-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-48-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-47-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-46-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-45-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-44-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-43-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-42-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-41-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-39-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-38-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-37-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-36-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-34-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-33-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-32-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-30-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-29-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-28-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-27-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-26-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-23-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-22-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-21-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-19-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-18-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-17-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-15-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-14-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-13-0x0000000077430000-0x0000000077540000-memory.dmp

Filesize
1.1MB

Download
memory/2088-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2088-853-0x0000000000520000-0x000000000061D000-memory.dmp

Filesize
1012KB

Download
memory/2088-852-0x0000000077430000-0x0000000077540000-memory.dmp

Filesize
1.1MB

Download
memory/3048-623-0x0000000000A10000-0x0000000000B0D000-memory.dmp

Filesize
1012KB

Download
memory/3048-843-0x0000000000A10000-0x0000000000B0D000-memory.dmp

Filesize
1012KB

Download