0689278f934d2846653bc13c736817d36d11e27002a1e9bdf5534e0654028628

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d830f2391def55e817d528fb37a0fd7.exe
Size

336KB
MD5

6d830f2391def55e817d528fb37a0fd7
SHA1

d08841b3c8949da0a643d2d6435e344ccc3fb018
SHA256

0689278f934d2846653bc13c736817d36d11e27002a1e9bdf5534e0654028628
SHA512

6c3d4bd58f0bc81d46de124d3d5b782fb991895c2c17d802e238eb34592e91cb8a5a8fe398281f878a5bd6df045c771e602f290afa854e277316f29b8b7741c6
SSDEEP

6144:S9E0id1RnLbii5bkgVuN+xSKV7Wkrsf7LsrnjyIuCL8ot:Se3dfXikbkgaISKV/2CLLt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3044	70EC285A-A967-40C2-9E8B-C27FB730A51C.exe

Loads dropped DLL 6 IoCs

pid	Process
2076	6d830f2391def55e817d528fb37a0fd7.exe
2076	6d830f2391def55e817d528fb37a0fd7.exe
2076	6d830f2391def55e817d528fb37a0fd7.exe
2076	6d830f2391def55e817d528fb37a0fd7.exe
2076	6d830f2391def55e817d528fb37a0fd7.exe
2076	6d830f2391def55e817d528fb37a0fd7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3044	2076	6d830f2391def55e817d528fb37a0fd7.exe	28
PID 2076 wrote to memory of 3044	2076	6d830f2391def55e817d528fb37a0fd7.exe	28
PID 2076 wrote to memory of 3044	2076	6d830f2391def55e817d528fb37a0fd7.exe	28
PID 2076 wrote to memory of 3044	2076	6d830f2391def55e817d528fb37a0fd7.exe	28
PID 2076 wrote to memory of 2720	2076	6d830f2391def55e817d528fb37a0fd7.exe	30
PID 2076 wrote to memory of 2720	2076	6d830f2391def55e817d528fb37a0fd7.exe	30
PID 2076 wrote to memory of 2720	2076	6d830f2391def55e817d528fb37a0fd7.exe	30
PID 2076 wrote to memory of 2720	2076	6d830f2391def55e817d528fb37a0fd7.exe	30

C:\Users\Admin\AppData\Local\Temp\6d830f2391def55e817d528fb37a0fd7.exe
"C:\Users\Admin\AppData\Local\Temp\6d830f2391def55e817d528fb37a0fd7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2076
- C:\4b238dea-ceec-4941-934f-5f1fccf6b59b\70EC285A-A967-40C2-9E8B-C27FB730A51C.exe
  "C:\4b238dea-ceec-4941-934f-5f1fccf6b59b\70EC285A-A967-40C2-9E8B-C27FB730A51C.exe" -y -p82531304-D7E3-43E0-8ABA-25FDD60F3E34
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" c:\4b238dea-ceec-4941-934f-5f1fccf6b59b\start.hta
  2⤵
  - Modifies Internet Explorer settings
  PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\4b238dea-ceec-4941-934f-5f1fccf6b59b\70EC285A-A967-40C2-9E8B-C27FB730A51C.exe

Filesize
208KB

MD5
a2721772526fc2ac2057593544ed5b6a

SHA1
e70fcf40b6ad045e2a6306185e4468143441d1fe

SHA256
8fcce3743ce1b4694e29e909c4ad2bfeecd7a0d97f8c5d0d2e1b302f172f0f14

SHA512
7fb24353bcaa4ca5faf8f4f227f5b14eb4f42c0442badd9dbedce22dce31413f522970a0ab9bc9c434eca8cb6371c360de94c3c79974cda36313ccfc2935057e

Download Submit
\??\c:\4b238dea-ceec-4941-934f-5f1fccf6b59b\InstallerHelper.dll

Filesize
132KB

MD5
7de6614dc25a8dbe91d146f32eef78d5

SHA1
6d0e4a6a0f93d190076b5a1aca4a31e27e1b8ebb

SHA256
e7fe38ca82da9f8258d340aba6b4c16499689cd2416dccb3e1dcf8adee339a48

SHA512
42d92b3fc4fd395361c40a694f0dacd83daac1e35e5c84a8e69f473d9c888e9d19ab4c4d2d32d4f5dfda3e3dc0e534d4a48ec0dce9ab04edaa095420fc77e459

Download Submit
\??\c:\4b238dea-ceec-4941-934f-5f1fccf6b59b\loader.gif

Filesize
1KB

MD5
e88ebd85dd56110ac6ea93fe0922988e

SHA1
684a31d864d33ff736234c41ac4e8d2c7f90d5ae

SHA256
379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

SHA512
211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

Download Submit
\??\c:\4b238dea-ceec-4941-934f-5f1fccf6b59b\start.hta

Filesize
1KB

MD5
db4ada697fa7a0e215281533d52578e9

SHA1
fb755ea8371edf5065dc53e21eb413603f9eba7f

SHA256
f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

SHA512
9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

Download Submit