5735ad1d24d79cc299d76e0d6772c07c80dde517afe6301d6f86601cb0523c1e

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eeda62e0348e238627d623fd17be5cb.exe
Size

693KB
MD5

6eeda62e0348e238627d623fd17be5cb
SHA1

3fd03d053d2f3b525ea7bf9efcf57c7c05803e61
SHA256

5735ad1d24d79cc299d76e0d6772c07c80dde517afe6301d6f86601cb0523c1e
SHA512

e5ba0619950173e31f33d9277a18dd6f304ce9e41be4cbaad0d71a7947c6d76279324ef919b51634a0a239b1dc030ccb31e946d47d9c7c1a6aaeb887aa76cd62
SSDEEP

12288:HPqlDAbt2HGn1dlrRe0eBkjvKghJqmMIAp4805TBzHeFd:HCrHGn1bYlkjv5hJ3MIApL05NzWd

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	6eeda62e0348e238627d623fd17be5cb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	6eeda62e0348e238627d623fd17be5cb.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	6eeda62e0348e238627d623fd17be5cb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	6eeda62e0348e238627d623fd17be5cb.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
860	6eeda62e0348e238627d623fd17be5cb.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
860	6eeda62e0348e238627d623fd17be5cb.exe
860	6eeda62e0348e238627d623fd17be5cb.exe

C:\Users\Admin\AppData\Local\Temp\6eeda62e0348e238627d623fd17be5cb.exe
"C:\Users\Admin\AppData\Local\Temp\6eeda62e0348e238627d623fd17be5cb.exe"
1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads