133a4154fb7d809b9a4d6bc22cdbe3c8074c1c793032a5928561ccd8bebeedef

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18d65f874ded93e21c8c86f9f4f40b52.exe
Size

1.1MB
MD5

18d65f874ded93e21c8c86f9f4f40b52
SHA1

6f18ad0336ffbf021c8658f172528bd3a609835a
SHA256

133a4154fb7d809b9a4d6bc22cdbe3c8074c1c793032a5928561ccd8bebeedef
SHA512

8868a8257b3e8ec36230a4226c50cf8393c802b60c2bbe8999a8db776a58167698fbb1f115729f4527bb1ac42bb3ccfd2bb36ab01296b885ef1687a002a74883
SSDEEP

24576:IWvknOMEfMdNOr9tSO45DGe2gxNioTRcTQGr7/czF6+I:IUeOMm+w90O45C0DEzUA+I

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2956	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2960	18d65f874ded93e21c8c86f9f4f40b52.exe
2956	Setup.exe
2956	Setup.exe
2956	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28
PID 2960 wrote to memory of 2956	2960	18d65f874ded93e21c8c86f9f4f40b52.exe	28

C:\Users\Admin\AppData\Local\Temp\18d65f874ded93e21c8c86f9f4f40b52.exe
"C:\Users\Admin\AppData\Local\Temp\18d65f874ded93e21c8c86f9f4f40b52.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe

Filesize
994KB

MD5
824edefefd52643a31826e534bee53be

SHA1
45bb6aff5811e30b986ba089aa7eb5c19538fefa

SHA256
7c8e218cc0242f5a61b31cf346246c580d4207c7d2963833c7251bac6d2099ed

SHA512
4761cf44e9d51b8a1c64566b11141dc8f507e5f8e121f5f7a848acb23cdd4823a8231b56e77593daed2cae2dc642d36719bd31b6631a7dc35d0f60294c125f70

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe

Filesize
1.0MB

MD5
3ff39b3e6356304f274d2fcd935305de

SHA1
b45f00a624cf6cb45cdde93dc1e96609e0651730

SHA256
ba5ac32f025ad683724cac63c4647a6c5904ba298b5636e1b0c952533e67ea29

SHA512
45c89bd07fc8b90cbc7b60c54a3dcb67a54389f68d7dae7b3c94c2ca2377fa8bad28ca399c419ce39e22eacb72d89781297049e8926773ba2edd51c0a01a5d09

Download Submit
\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe

Filesize
5KB

MD5
03cd21ffd427fda608b67e26e4d20f0c

SHA1
0813fbc5743d28c7c0e695a9500d0e06acea1731

SHA256
076e7a84bbbaa33bae39d9f26826c5e01c1b6943ace9b59243603da8e982fb43

SHA512
9892d2ace5f120479d4d3bc7e4ca658a496024a5799089e86e3c134395a19c2a80800798d832f7231c245de972bac274271cfef29861562362a2f14315544944

Download Submit
\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe

Filesize
967KB

MD5
7a5035128ff4ffa89c0cf8d8e69bb032

SHA1
f93244ea69bf19bf6798c10a9bca45e605b523c8

SHA256
0d010356f562ad2fe0f77d3412c1cedf5fedc3e6114480192475c21914956d4e

SHA512
cadab087e7fc254a9c72d57178b623954b114080b4956f4d35fe008a3209b976d336109c95297144a04ddbed36857b241d1ac6d1dfb79e5c976c5c46affb0ee1

Download Submit
\Users\Admin\AppData\Local\Temp\a2gGqil1F1\8Z8Qf77U\Setup.exe

Filesize
1.1MB

MD5
18d65f874ded93e21c8c86f9f4f40b52

SHA1
6f18ad0336ffbf021c8658f172528bd3a609835a

SHA256
133a4154fb7d809b9a4d6bc22cdbe3c8074c1c793032a5928561ccd8bebeedef

SHA512
8868a8257b3e8ec36230a4226c50cf8393c802b60c2bbe8999a8db776a58167698fbb1f115729f4527bb1ac42bb3ccfd2bb36ab01296b885ef1687a002a74883

Download Submit
memory/2956-843-0x0000000000AF0000-0x0000000000BEE000-memory.dmp

Filesize
1016KB

Download
memory/2956-624-0x0000000000AF0000-0x0000000000BEE000-memory.dmp

Filesize
1016KB

Download
memory/2960-27-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-43-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-38-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-10-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-7-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-11-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-12-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-13-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-16-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-15-0x00000000768D0000-0x00000000769E0000-memory.dmp

Filesize
1.1MB

Download
memory/2960-17-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-18-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-14-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-20-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-19-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-21-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-23-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-22-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-25-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-24-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-26-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-29-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-32-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-31-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-34-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-35-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-33-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-30-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-28-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-1-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-39-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-40-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2960-9-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-47-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-41-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-45-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-46-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-44-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-37-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-36-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-42-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-48-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-51-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-52-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-50-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-56-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-55-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-58-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-57-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-61-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-60-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-63-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-64-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-65-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-66-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-62-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2960-0-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-59-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-54-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-53-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-49-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-203-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download
memory/2960-852-0x00000000768D0000-0x00000000769E0000-memory.dmp

Filesize
1.1MB

Download
memory/2960-853-0x0000000001CB0000-0x0000000001DAE000-memory.dmp

Filesize
1016KB

Download