ddb26bc461afcf39ef0ffebb23e33ff4313382610989c5f744a7b810513ba940

Analysis

max time kernel
6s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61fd3b65043c02d19fe62f17bdfcc697.exe
Size

116KB
MD5

61fd3b65043c02d19fe62f17bdfcc697
SHA1

d1c35c62b0d23c9132055224f2a98cfc89ee4948
SHA256

ddb26bc461afcf39ef0ffebb23e33ff4313382610989c5f744a7b810513ba940
SHA512

1f1a24ae81dce8d9b083691164b663fa0115c8c6379169ffa8e4dfa0d89333d5454225451ad0dd265c1b486258518fb966e8ed76da4145840b6fcfcc6c2a3c82
SSDEEP

3072:98RTVXDNJqxSA5HDc3I3nNoOsRXurRUQzj+5H/U:SZRcx5VMpOKXur2Qf+5H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1008	Vpekua.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	Vpekua.exe
File opened for modification	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	Vpekua.exe
File created	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	61fd3b65043c02d19fe62f17bdfcc697.exe
File opened for modification	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	61fd3b65043c02d19fe62f17bdfcc697.exe
File created	C:\Windows\Vpekua.exe	61fd3b65043c02d19fe62f17bdfcc697.exe
File opened for modification	C:\Windows\Vpekua.exe	61fd3b65043c02d19fe62f17bdfcc697.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	Vpekua.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 1008	3068	61fd3b65043c02d19fe62f17bdfcc697.exe	90
PID 3068 wrote to memory of 1008	3068	61fd3b65043c02d19fe62f17bdfcc697.exe	90
PID 3068 wrote to memory of 1008	3068	61fd3b65043c02d19fe62f17bdfcc697.exe	90

C:\Users\Admin\AppData\Local\Temp\61fd3b65043c02d19fe62f17bdfcc697.exe
"C:\Users\Admin\AppData\Local\Temp\61fd3b65043c02d19fe62f17bdfcc697.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\Vpekua.exe
  C:\Windows\Vpekua.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Twain001.Mtx

Filesize
2B

MD5
309fc7d3bc53bb63ac42e359260ac740

SHA1
2064f80f811db79a33c4e51c10221454e30c74ae

SHA256
ac11339ffa8f270c4f781e0a3922bb1c80d9dee6e4b6911ca34538ed9ae03caa

SHA512
77dd27d30f4e13a0bcd6fd27ae7567c136d87393e5ee632bccf05b0a0d2bbcc2fc0fd777a8508e26cc4fc579c8da0ab56b7bf179b1adc70f28f7d0eee89fa5f8

Download Submit
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job

Filesize
362B

MD5
a7aac1e1e7e43d48b5e2aa2b198bd125

SHA1
f133ee5daafea99b1dfc2f073dd4d5fc73255dd6

SHA256
3b29d36f454857374b34a0203d35e4a35f65fb0f6ea49c91915480721191c017

SHA512
10c24b0a67831c8ccd5584a27768430dae7e684a8e5a5f0f69b4895eb1aacab0e0c6db0e6d9c40a333ba3514972e40aef8da41eb29b3d85eca027c30245f0369

Download Submit
C:\Windows\Vpekua.exe

Filesize
13KB

MD5
ec3164e54e6a43f7f32de99a3ea718b4

SHA1
80acb076d598489e1093aca2c46b0bf6e6711cc0

SHA256
49e9415784afb702b0f541149b6f40193a5ea5055c1ca1c27f3a884374f7a232

SHA512
b664fe7629b94719a84b508d2b402ff1f3c57e9d91f4b2209b3a5e50a47ef3710ed416baeb3f255df1b205f4212a22bc3adffd618e0e3dd6ad194537456ac29f

Download Submit
C:\Windows\Vpekua.exe

Filesize
5KB

MD5
6efe55d4f4a8947e728fb4ede9893899

SHA1
b171f32498590684581953fdb666a84726039ea3

SHA256
acd64d8f34169d72f23895bfccd011494e5753a3a79a506155e43be403f0b873

SHA512
0e4ac8185b9e3236c4f504512bb3392da4eda0ea5b3deb33cdbaa5fc6df601b4d7fecfc9384e335891290c891ee20362a473da721d4a459c27087e0dda8abfb5

Download Submit
memory/1008-22372-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-135464-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-135472-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-135468-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-135466-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-135465-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-51302-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-68615-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-86278-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-117140-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/1008-11-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3068-35694-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3068-1-0x00000000020F0000-0x0000000002113000-memory.dmp

Filesize
140KB

Download
memory/3068-15044-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3068-2-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download