dc301fee007d6193de04b8d643a499a2ca2839252996f1604cc7c449f92ff0cd

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

493508d0c1d06cb38591b356011f311f.exe
Size

152KB
MD5

493508d0c1d06cb38591b356011f311f
SHA1

19d6404774e46b74478b6c98c294df3b3ace1021
SHA256

dc301fee007d6193de04b8d643a499a2ca2839252996f1604cc7c449f92ff0cd
SHA512

57a35e8147b680e5ed1a9cbbf7e407a34a141e535f24ce637ed1eb075bfa9fbb2d11633a0f5b3b2773c27bfc15548a99eae9c95b4ca6c992399c5bb8e3c82d34
SSDEEP

3072:IdVHGO4U6UFxA+WpigxKtolw/XSEIGwH5cYFeHsEDxgJ2o8sk4Mw71:iHAUm+KiJ8+ZwZcNlFgEcR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2208	Avahaa.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Avahaa.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Avahaa.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	493508d0c1d06cb38591b356011f311f.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	493508d0c1d06cb38591b356011f311f.exe
File created	C:\Windows\Avahaa.exe	493508d0c1d06cb38591b356011f311f.exe
File opened for modification	C:\Windows\Avahaa.exe	493508d0c1d06cb38591b356011f311f.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\Main	Avahaa.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\Software\Microsoft\Internet Explorer\International	Avahaa.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe
2208	Avahaa.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
216	493508d0c1d06cb38591b356011f311f.exe
2208	Avahaa.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2208	Avahaa.exe
2208	Avahaa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2208	216	493508d0c1d06cb38591b356011f311f.exe	86
PID 216 wrote to memory of 2208	216	493508d0c1d06cb38591b356011f311f.exe	86
PID 216 wrote to memory of 2208	216	493508d0c1d06cb38591b356011f311f.exe	86

C:\Users\Admin\AppData\Local\Temp\493508d0c1d06cb38591b356011f311f.exe
"C:\Users\Admin\AppData\Local\Temp\493508d0c1d06cb38591b356011f311f.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\Avahaa.exe
  C:\Windows\Avahaa.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/216-0-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/216-2-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/216-1-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/216-32399-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/216-15859-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-22510-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-9-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-51856-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-67713-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-85115-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-111785-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-149490-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download
memory/2208-149491-0x0000000000400000-0x0000000000439000-memory.dmp

Filesize
228KB

Download