e33d33ca9654eb33b767b3d5f2491301fe2b18b3d8fff630dbd140fd7e1f0215

Analysis

max time kernel
157s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
Size

222KB
MD5

0e7ade8c12f0c6ef083d4a452bd7dfb5
SHA1

36ff6165bce937232a335ce7d165853c5f239cdf
SHA256

e33d33ca9654eb33b767b3d5f2491301fe2b18b3d8fff630dbd140fd7e1f0215
SHA512

9cc7eacddc5ae7c046524711937e3c161f9d9e26febd08ddb00ac4678d29b54ebdf623f3825a39822526485f9566c0460ffed25736ab4b3a884adfb2303f6610
SSDEEP

6144:SosZZfyqdnCIEfFutYRlUcUJDfNZ+kB/sM:SoKZfyKCIEZacGfNRH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4184	Ikyraa.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Ikyraa.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
File created	C:\Windows\Ikyraa.exe	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
File opened for modification	C:\Windows\Ikyraa.exe	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Ikyraa.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	Ikyraa.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Software\Microsoft\Internet Explorer\Main	Ikyraa.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe
4184	Ikyraa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 4184	2060	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe	98
PID 2060 wrote to memory of 4184	2060	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe	98
PID 2060 wrote to memory of 4184	2060	0e7ade8c12f0c6ef083d4a452bd7dfb5.exe	98

C:\Users\Admin\AppData\Local\Temp\0e7ade8c12f0c6ef083d4a452bd7dfb5.exe
"C:\Users\Admin\AppData\Local\Temp\0e7ade8c12f0c6ef083d4a452bd7dfb5.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\Ikyraa.exe
  C:\Windows\Ikyraa.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Ikyraa.exe

Filesize
222KB

MD5
0e7ade8c12f0c6ef083d4a452bd7dfb5

SHA1
36ff6165bce937232a335ce7d165853c5f239cdf

SHA256
e33d33ca9654eb33b767b3d5f2491301fe2b18b3d8fff630dbd140fd7e1f0215

SHA512
9cc7eacddc5ae7c046524711937e3c161f9d9e26febd08ddb00ac4678d29b54ebdf623f3825a39822526485f9566c0460ffed25736ab4b3a884adfb2303f6610

Download Submit
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

Filesize
362B

MD5
94ccba63246f2ef97d5a2b3f94d12b7d

SHA1
fa409ca174b0d8abd08698b48449142c88c56c34

SHA256
581dba43cbe228e7ecd414a2096e45b23f04febf19e1ddda71a63a08e5975b01

SHA512
701ba2fbb03c1e4980a8589c7de11dbdb878ce829c4db29e5f1a39be2f2cb384772ed0fe1ee73225ff1fdba34da6b90805a32a6ddb5b33163e22ed5ac8c8302e

Download Submit
memory/2060-10373-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-4206-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-0-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-6-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-2-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-3-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-4-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2060-1-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4184-134671-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-40776-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-14-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-13-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-4208-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-23323-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-29927-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-16821-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-54057-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-68751-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-82426-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-92325-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-107485-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-121341-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4184-16819-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download