10361c67425f2e8dd000ce8d302a70f132c6f04a4b21cfa2de400977aeba5371

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

214915b042d1662c0bc3dc0e9e2fb5c3.exe
Size

1.1MB
MD5

214915b042d1662c0bc3dc0e9e2fb5c3
SHA1

504126de4a306694aebcf0dfcbd59f8343e3c6ad
SHA256

10361c67425f2e8dd000ce8d302a70f132c6f04a4b21cfa2de400977aeba5371
SHA512

ab10ad60cbb279efce0376aeff3a0a18bd939b677541b3733dbcdb432575ade67e7c8aca212f9bb2ebb25951b0c6b21587ddcf1148ebdbede82fe7ccc97bb9aa
SSDEEP

24576:IWvknOMEfid6tbYUDBRNNDH+6HXzlum+s38N0/RM:IUeOMmG6OUrjD/Xzla

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1648	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe
1648	Setup.exe
1648	Setup.exe
1648	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28
PID 1924 wrote to memory of 1648	1924	214915b042d1662c0bc3dc0e9e2fb5c3.exe	28

C:\Users\Admin\AppData\Local\Temp\214915b042d1662c0bc3dc0e9e2fb5c3.exe
"C:\Users\Admin\AppData\Local\Temp\214915b042d1662c0bc3dc0e9e2fb5c3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
18KB

MD5
ea44e1f5900af9df913a93214a85fb1c

SHA1
f4decab50ea38cfbd8cd5c38d723336c3ca4c282

SHA256
97187c474d6f97a07464ff9e1d38bb4163b0dbe7fb1e946acc7d6cfdcb085d15

SHA512
2847b667d13ff1eb9894355a4d478abe064c586be44fe2dc654540c239d8266bf89fd5975d484660d5cc0d026f4e20bf0d8c73497df40dd6475bb8fc71a3c801

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
23KB

MD5
ab4457a83c02ff08c924e900f57b81a0

SHA1
97a88c0a741f4b524607bc872ef9ea373d4d6abb

SHA256
3d7643cc918b3c5a4b9d9aa935546a78321343233391a1d432a8d90af8f9c05c

SHA512
a10051f24cd956b8ae8b5d0b0ebd626450b4105ec28962c0bbd25040dcfb0bc14809c6879406c8496d0eeb0aa0d068f3aa44b9286a09e18ebcc4696302fdb4c1

Download Submit
\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
25KB

MD5
622f23ea99c6382978e3c2ddd0377134

SHA1
4e33d5587742176a55e3aa364898043c49072557

SHA256
1f0b3b99a34e53a8979ccb7d95d64cc8bbf7d7d7dce05c4a7b88beadf48d944f

SHA512
ad0191c3eaccf3b1be8ecad31fad20d00d7423d764a8339821cef15a3c0532b68f64049ddf3fe438df7b2ac02e047c5cdd4a4d89d8f2babb6e42eb761c17399f

Download Submit
\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
15KB

MD5
21c54c103ad8793823e615475d08646f

SHA1
fbe59e9f8bd11c68b373ad489347e6acdc26786b

SHA256
7cf86c3448b26b35c6106e6ae039e1f3f6287c845a5e1d2b1d16303d7dc9972c

SHA512
47228c0d2e72b1e76c36f2f0ff52944b7ef8c9ef58f7819730f9fff3c8065729515cdb85df3396ad5f2cfa4ebf56a235fe62f38236bedcd8633268889c93baef

Download Submit
\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
17KB

MD5
c76b713354a6398977b47da343f0336d

SHA1
35c67f4519d538b8d03d85ae8917b9ddb4149357

SHA256
018631dd18765a17df39a204467bd357cb85625240d98f70071d927e18505f4e

SHA512
a7524945b5e73170f081b69b52ed9540405853a041d6044d87347e04c98a529b73fb160d3ffa37b2fc7f5780faa155acb78d8bde435274e9129fd484439ee10c

Download Submit
\Users\Admin\AppData\Local\Temp\a2Bk4BvalT\AzZQrIQ5\Setup.exe

Filesize
39KB

MD5
b3730e0e62786956eed5f9a843bf3aa5

SHA1
edb68e99c9fe446e732a37498f19f16cf399f9cc

SHA256
ef147e9fd9fa60be723872873f37d71a35927b48e10eec334c6e817e0b56634e

SHA512
35419daa2c483f22c852a595a2d61926eb6facb795606bbab5c5208c5ca7010e696b7f43da7f1ff3e1339d7860ba644546a475c2e958679a01505b071879ff2f

Download Submit
memory/1648-843-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/1648-626-0x0000000002230000-0x000000000232E000-memory.dmp

Filesize
1016KB

Download
memory/1924-55-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-46-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-49-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-15-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-13-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-17-0x0000000075370000-0x0000000075480000-memory.dmp

Filesize
1.1MB

Download
memory/1924-16-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-18-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-19-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-20-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-26-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-32-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-36-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-42-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-47-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-50-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-51-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-57-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-64-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-66-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-65-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-63-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-62-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-61-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-60-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-59-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-58-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-56-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1924-54-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-53-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-52-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-14-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-7-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-38-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-45-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-44-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-43-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-41-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-40-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-39-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-48-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-203-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-37-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-35-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-34-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-33-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-31-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-30-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-29-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-28-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-1-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-27-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-25-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-24-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-23-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-22-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-21-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-12-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-11-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-10-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-9-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1924-0-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-853-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/1924-852-0x0000000075370000-0x0000000075480000-memory.dmp

Filesize
1.1MB

Download