1468493c8b2a9517830c4a3cdc48a09df45fca95d2ac3dfd138a77604ad4424e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

311cfaf66be2e6e4dc4490f3ea441321.exe
Size

1.1MB
MD5

311cfaf66be2e6e4dc4490f3ea441321
SHA1

e15817a29b8c760a4b6e6268bce7bbd3818c4891
SHA256

1468493c8b2a9517830c4a3cdc48a09df45fca95d2ac3dfd138a77604ad4424e
SHA512

5e9ec473eb2e1c08a8bc81eba49007d2bbddaa1ab90a726544c1e89565cea52eeb60f46cabbce299d66cb88411245c550b824352f1e6567b46e73f0dd4dbf9a9
SSDEEP

24576:eWvknOMEfu2sthY7ugl3EwszUawtygSrXd71IrL:eUeOMm1stG7ug5Bp0g6BurL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2632	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2236	311cfaf66be2e6e4dc4490f3ea441321.exe
2632	Setup.exe
2632	Setup.exe
2632	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28
PID 2236 wrote to memory of 2632	2236	311cfaf66be2e6e4dc4490f3ea441321.exe	28

C:\Users\Admin\AppData\Local\Temp\311cfaf66be2e6e4dc4490f3ea441321.exe
"C:\Users\Admin\AppData\Local\Temp\311cfaf66be2e6e4dc4490f3ea441321.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\a2k9zdGgsx\8IRgqq74\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2k9zdGgsx\8IRgqq74\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\a2k9zdGgsx\8IRgqq74\Setup.exe

Filesize
1.1MB

MD5
311cfaf66be2e6e4dc4490f3ea441321

SHA1
e15817a29b8c760a4b6e6268bce7bbd3818c4891

SHA256
1468493c8b2a9517830c4a3cdc48a09df45fca95d2ac3dfd138a77604ad4424e

SHA512
5e9ec473eb2e1c08a8bc81eba49007d2bbddaa1ab90a726544c1e89565cea52eeb60f46cabbce299d66cb88411245c550b824352f1e6567b46e73f0dd4dbf9a9

Download Submit
memory/2236-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2236-0-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-2-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-7-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-9-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-8-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2236-65-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-64-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-63-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-62-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-61-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-60-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-59-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-58-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-57-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-56-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-55-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-54-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-53-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-52-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-51-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-50-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-49-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-48-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-47-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-46-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-45-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-44-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-43-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-42-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-41-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-40-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-39-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-38-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-37-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-36-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-35-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-34-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-33-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-32-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-31-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-30-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-29-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-28-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-27-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-26-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-25-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-24-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-23-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-22-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-21-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-20-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-19-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-18-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-17-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-16-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-15-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-14-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-13-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-12-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-11-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-10-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-122-0x00000000770F0000-0x0000000077200000-memory.dmp

Filesize
1.1MB

Download
memory/2236-204-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2236-852-0x00000000770F0000-0x0000000077200000-memory.dmp

Filesize
1.1MB

Download
memory/2236-853-0x0000000001DF0000-0x0000000001EEE000-memory.dmp

Filesize
1016KB

Download
memory/2632-624-0x0000000000B70000-0x0000000000C6E000-memory.dmp

Filesize
1016KB

Download
memory/2632-843-0x0000000000B70000-0x0000000000C6E000-memory.dmp

Filesize
1016KB

Download