1363b0b062bc43777487f640d8e54ee5849eaff915371dad79d5b99238abe28f

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1af5c96d9d2b283eb77173b6840aa832.exe
Size

1.1MB
MD5

1af5c96d9d2b283eb77173b6840aa832
SHA1

2a6dd2b6f7551b8bd16c8fa51e1f2a96a522724f
SHA256

1363b0b062bc43777487f640d8e54ee5849eaff915371dad79d5b99238abe28f
SHA512

ba684757f083e502a2ad29c08f8aadab147f94f8f1d1d3c85ca4d46242264bb8612b121c0711fef10a1fcf01cbbc59df1f2a2065f01197a101e1a88074cd4a17
SSDEEP

24576:QWvknOMEfEU9GWlxj0X+BZ8ur+ZA5uO90tkXZWqsEi9Gc+6:QUeOMmx9uKeuroltssqit+6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
240	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2792	1af5c96d9d2b283eb77173b6840aa832.exe
240	Setup.exe
240	Setup.exe
240	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29
PID 2792 wrote to memory of 240	2792	1af5c96d9d2b283eb77173b6840aa832.exe	29

C:\Users\Admin\AppData\Local\Temp\1af5c96d9d2b283eb77173b6840aa832.exe
"C:\Users\Admin\AppData\Local\Temp\1af5c96d9d2b283eb77173b6840aa832.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe

Filesize
49KB

MD5
c1a0fe4965083088ac603f25f8ed0937

SHA1
e8f30fac53da12d05c0caa2fd2db72a5d32eb885

SHA256
67b29baf0871a01a8e29803e4d1a436835b3f73a517d211eaadd70317c2bcfb1

SHA512
9a92cf78d30319442e640a13be52f65bf7028d2fd48be84387f71105074d292633395e896908bb4dac67b76329d5a25f640dd1a6963755717e28dccb4bacc6c8

Download Submit
\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe

Filesize
15KB

MD5
96daa598252752205cb3c13bbd5eee7e

SHA1
170d976916a5b50641b2007b52a12c4c2458bdcb

SHA256
6fc2335e062362ac2636c8fc4d03d5128845574712a53dd35e0b5942985ba0e3

SHA512
7fc311740503fabc1c8e5ab00bc332bedbfb23e33e262d2e59e5fc0f8c1f18d7e1bd9c6156c87eceeafecbc8697cfdf4b600938eb296be7ba47df8f815139dfe

Download Submit
\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe

Filesize
92KB

MD5
bcc4e48039d04f4b6f038532529f9dd4

SHA1
792310632f02cbd80e0e80d738748649d7d55db8

SHA256
ac038db858b9cc3f59b3adc7ebfb9c8aeaf68475b7add5f5f233608d8a213259

SHA512
037cc9838054df10fa67937975b4da512350c33033ebd12859d630a2de9edc01727d9392526f32a409a4ef3b92880e2aa198b522471b7235b6abea09f00fd23d

Download Submit
\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe

Filesize
56KB

MD5
ce73729a601ce97b903db05164d04d95

SHA1
d95e4aa1739b9acda8d6ba3e7414c136d230297b

SHA256
d75186471f38014d956a956a4dc2f549231981a1eeff702c3fec78adb4dee2ef

SHA512
0d6105265fcd5bc343edb46aef6025961c18b720a78b8cb50cab73361b0a5e21e740b7b328d8523a14eac6123009339c89073dd5d9d33dce34b11b025e2bfaf4

Download Submit
\Users\Admin\AppData\Local\Temp\a2wt9PRKfy\ijAMOuJA\Setup.exe

Filesize
66KB

MD5
063653d65afa03a395c4587fe49978c7

SHA1
7ae307673c16ddb0e8c6876a093963d0f04d0e18

SHA256
766f1738461352f996252782f7ce1d5b841552aa8e09582973dfc0c91661d964

SHA512
2ee135ced4d38c26d94828cc3c3cda94ad078a9984507a300e0d5031c763a621aac78ff7cd1476f8a64e450e7aeceea767c1e0f2bb78521c4970a66fe4923af4

Download Submit
memory/240-843-0x0000000001F70000-0x000000000206E000-memory.dmp

Filesize
1016KB

Download
memory/240-625-0x0000000001F70000-0x000000000206E000-memory.dmp

Filesize
1016KB

Download
memory/2792-47-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-54-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-40-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-12-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-15-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-14-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-13-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-16-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-11-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-17-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-21-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-26-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-28-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-30-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-32-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-36-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-37-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-39-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-38-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-43-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-45-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-46-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-50-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-53-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-52-0x00000000774A0000-0x00000000775B0000-memory.dmp

Filesize
1.1MB

Download
memory/2792-51-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-49-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-48-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2792-44-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-42-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-41-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-10-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-9-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-62-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-57-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-59-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-61-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-60-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-64-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-63-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-35-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-58-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-66-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-65-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-56-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-55-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-34-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-33-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-31-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-29-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-27-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-25-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-24-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-23-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-22-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-1-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2792-0-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-20-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-19-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-18-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-7-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-203-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-853-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2792-852-0x00000000774A0000-0x00000000775B0000-memory.dmp

Filesize
1.1MB

Download