15a9652151f8e911d8cd390e8ce935c61a45bf55e43ae14d13ea035a4283db0e

Analysis

max time kernel
0s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21d8129ce82a7a05b3bf391212105c11.exe
Size

1.2MB
MD5

21d8129ce82a7a05b3bf391212105c11
SHA1

5b528db1f1aace2702423f806fab01a9869c14f9
SHA256

15a9652151f8e911d8cd390e8ce935c61a45bf55e43ae14d13ea035a4283db0e
SHA512

ab4689b8ab3eeec9ac399d7bc165c34f0611011287a62df52c932b99a984a0d9f05fd950361b7d306b34c5d3039346030a6d23c9f061c3dad1b2a57230f145df
SSDEEP

24576:W9W0hphPOHAAlTmdcuYM+WE0ah2KHTmj+aEOzDcHOjMTRRwT:WW6H2HAA5mdcuYM+WElxHTmyEguj2nw

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	21d8129ce82a7a05b3bf391212105c11.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2612	21d8129ce82a7a05b3bf391212105c11.exe
2612	21d8129ce82a7a05b3bf391212105c11.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2612	21d8129ce82a7a05b3bf391212105c11.exe
2612	21d8129ce82a7a05b3bf391212105c11.exe

C:\Users\Admin\AppData\Local\Temp\21d8129ce82a7a05b3bf391212105c11.exe
"C:\Users\Admin\AppData\Local\Temp\21d8129ce82a7a05b3bf391212105c11.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2612-46-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2612-0-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-153-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-154-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-155-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-156-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2612-157-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-158-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-159-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-161-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-162-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-163-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-164-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-165-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-166-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-167-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-168-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download
memory/2612-169-0x0000000000400000-0x0000000000530000-memory.dmp

Filesize
1.2MB

Download