10f009526c29c721dc8bc3cafc9dce2b8eae0cbcb145f35c928d2b3ea180dcab

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d2d43c8de999a0700f8492d00894c90.exe
Size

1.1MB
MD5

0d2d43c8de999a0700f8492d00894c90
SHA1

0406f6f8c9325acd98c9df186da8120ece4f11ca
SHA256

10f009526c29c721dc8bc3cafc9dce2b8eae0cbcb145f35c928d2b3ea180dcab
SHA512

dc111525fc8088b64050ce8bd8632d95f5085899ec0172a97d47595648dfeeb0ab3e92a22789d5302ab9d4f2f01f0b80b0bc18b5dac2e1dec6cba026589a68fb
SSDEEP

24576:pWvknOMEf7MxrF28eYzT7JN+iZbdsrsqbbKvWg8bbwfMLaow:pUeOMmYxrF28eY3t6rsqbmVNf1ow

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2600	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
1992	0d2d43c8de999a0700f8492d00894c90.exe
2600	Setup.exe
2600	Setup.exe
2600	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28
PID 1992 wrote to memory of 2600	1992	0d2d43c8de999a0700f8492d00894c90.exe	28

C:\Users\Admin\AppData\Local\Temp\0d2d43c8de999a0700f8492d00894c90.exe
"C:\Users\Admin\AppData\Local\Temp\0d2d43c8de999a0700f8492d00894c90.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
143KB

MD5
8f13463c22f544566dca909f330f22e8

SHA1
114f4fd2cf340edb8207d19839950a31eea1b3a2

SHA256
3aca221e30ef67be4e11644b549d905c2fe22a767a6cfcdfc0631a943e932a61

SHA512
d0fd59df2e95690fb6f299dd562015943ac8893f9bcabe0bebaa59ebe3a1100c80392175a39a30163a741b4e03ec03ba0359e642c0df4f20ee522f7019bf245e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
193KB

MD5
f48f2f176746395ecefc538e2829036b

SHA1
45b08faa67452823ff8726eefe0e77d3c694e361

SHA256
705265a884306f2b19e5f1a073a8082d764566286c9586a4ec1e3a7d5a6cc9de

SHA512
b51e889f30932b3739b86e4ae26b5e79e1f23fabd076fa46b529804a37b22f98737262dce00441a6a5542137c9268363805db6b44ea31cea2ed0262f2c0eab6c

Download Submit
\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
170KB

MD5
d349b24a0ff6c1d2984774652a10d3d8

SHA1
086f391d63271306169d4f5c8e92668a4077c31c

SHA256
e547003c94fce32e6a23b1ddf9a7f1ad742a302f6d9f3cb64f9a3a17c0a783c0

SHA512
a3e1b43cb2493f449c0988e1bb268598d1d36457b5457535f5f08d5964f83b8e26e0d23f595c4c168aadb4a152c22a364bbd88fbfd1eae0c97e6fab39a3ecce9

Download Submit
\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
99KB

MD5
908125e6021c1b503d18c0844c79a34c

SHA1
84828b5343491da00f3b7c90b71a6285c60476ca

SHA256
e7f9a01488737d4b511452451886bd08556c62e2e0d926a2f703dab8a157641a

SHA512
df20ffb8107fcdb94c9c2355c10bb98206073335484adcb31cbb2628eaacf063e278c5c81cd2bd8f224d30eed4d315afa22cc5dae96870929a73a93efbd98bae

Download Submit
\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
77KB

MD5
bfdc35671bebfd706ba753c3ba447fd5

SHA1
47f5d2f14504f12ce6c6e0e4e9da392cab551976

SHA256
f0b47f142c18d28bbe8e8dab2b0bd19832a4a685f91611c29d1ecb494074060f

SHA512
9188a0f18dd362798586cfdc5f756667484176b0fedae62b1f59274b3eec14ffc1d5e34b4038d0d18348b3c2f3e82c45f3f19395f244d529f921af97d4cf99dc

Download Submit
\Users\Admin\AppData\Local\Temp\a2TXTnSCWN\0SiAqFQ7\Setup.exe

Filesize
13KB

MD5
e48c1b209c0c464cb2ab37d16f6f9ae3

SHA1
482c50a05ea6bcb307675110225fd46bd85f345e

SHA256
7f883e5d41639f5b85a5b04712047aea7f6f2ff9819f8a7dac2665dde509feaa

SHA512
53ec042e575ca256f534f1e393808be753595d67135d8151d24b943d958724b79c2be0355f2a2bb574989620fbf919a04e91ae4b1a434146843123d9ea61632d

Download Submit
memory/1992-51-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-53-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-8-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-11-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-52-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-10-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1992-9-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-13-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-7-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-15-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-14-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-17-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-16-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-18-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-22-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-25-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-24-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-30-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-33-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-35-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-39-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-46-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-47-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-45-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-48-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-49-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-44-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-42-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-50-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-43-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1992-41-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-12-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-2-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-26-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-40-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-37-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-36-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-54-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-55-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-56-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-34-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-57-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-32-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-58-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-31-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-59-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-61-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-62-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-64-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-66-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-65-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-63-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-60-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-29-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-28-0x0000000076F90000-0x00000000770A0000-memory.dmp

Filesize
1.1MB

Download
memory/1992-27-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-38-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-0-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-23-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-21-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-20-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-19-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-204-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/1992-852-0x0000000076F90000-0x00000000770A0000-memory.dmp

Filesize
1.1MB

Download
memory/1992-853-0x0000000001D60000-0x0000000001E5E000-memory.dmp

Filesize
1016KB

Download
memory/2600-843-0x0000000001EC0000-0x0000000001FBE000-memory.dmp

Filesize
1016KB

Download
memory/2600-623-0x0000000001EC0000-0x0000000001FBE000-memory.dmp

Filesize
1016KB

Download