224549013aee4fc5c7d8d2c1aa25bc878dbe538b20f799f47246796b2f468af7

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09224c6cfb4597de0ebb0ee555c61083.exe
Size

1.1MB
MD5

09224c6cfb4597de0ebb0ee555c61083
SHA1

3178767aaabe7f32508ca5d7b10229f62e51d2b4
SHA256

224549013aee4fc5c7d8d2c1aa25bc878dbe538b20f799f47246796b2f468af7
SHA512

41da3d71f781e6bb1caf53a11d6dbb62564369f83e03b7af0134465b639452534cd0f38ca141bee556dd3d77d2e1d7aa379bd12dda4ea2d0f509eed1ea9f9df4
SSDEEP

24576:6WvknOMEf5Aquj8w/tGerLUZcjUdqh1on5K7YMcDMeHxZCg+k:6UeOMmuhlgeUyY5VMcDtcg+k

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5076	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3832 wrote to memory of 5076	3832	09224c6cfb4597de0ebb0ee555c61083.exe	90
PID 3832 wrote to memory of 5076	3832	09224c6cfb4597de0ebb0ee555c61083.exe	90
PID 3832 wrote to memory of 5076	3832	09224c6cfb4597de0ebb0ee555c61083.exe	90

C:\Users\Admin\AppData\Local\Temp\09224c6cfb4597de0ebb0ee555c61083.exe
"C:\Users\Admin\AppData\Local\Temp\09224c6cfb4597de0ebb0ee555c61083.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3832
- C:\Users\Admin\AppData\Local\Temp\a2poOgpPi9\o2FASknF\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2poOgpPi9\o2FASknF\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2poOgpPi9\o2FASknF\Setup.exe

Filesize
196KB

MD5
6e32cb7a6f42011ea6798aee8149c50d

SHA1
c73e76877b8b4b9cd4294aa6881962066d337db3

SHA256
a8aaba8d4c7c813a680617fe1d1de423d0b8e3d2c89b7b0751c4f5d28ea9c555

SHA512
4729c9f3fd022bd1d755a48c43b2e57a722ae3bda7f3e3384583bfa15f90842decb89aef4a77c31e643b0a136d1df03ca8f8855d959ccfd9d475c68300525b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2poOgpPi9\o2FASknF\Setup.exe

Filesize
85KB

MD5
8a0517cec2b7e597463a4bc3fb8222fd

SHA1
cab396e8e59ffbb3b60f8b87edb1e75226f61af8

SHA256
965663433816855042c36dae2daa0f530caefbb041d4037a4f85f94a673ae68f

SHA512
578f2cbbbdeb509cace8b092713f3a1e033dba8b392791bb628ad6fde0d74dc6f3361983f9c9635bda5f8dbe2c48337928226ca9ffa0ba8de474da7a73cb74aa

Download Submit
memory/3832-0-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-1-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/3832-7-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/3832-10-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-9-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-11-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-12-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-13-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-14-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-15-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-17-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-18-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-20-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-19-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-21-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-16-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-25-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-24-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-28-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-31-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-33-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-35-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-37-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-39-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-40-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-41-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-42-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-43-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-44-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-38-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-36-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-34-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-32-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-30-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-45-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-47-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-46-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-29-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-49-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-55-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-59-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-60-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-64-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-65-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-63-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-62-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-61-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-58-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-57-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-56-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-54-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-53-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-52-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-50-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-51-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-48-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-26-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-27-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-23-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-22-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-202-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/3832-846-0x00000000022E0000-0x00000000023DD000-memory.dmp

Filesize
1012KB

Download
memory/5076-424-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/5076-619-0x0000000002150000-0x000000000224D000-memory.dmp

Filesize
1012KB

Download
memory/5076-837-0x0000000002150000-0x000000000224D000-memory.dmp

Filesize
1012KB

Download