160fd1c01ef8ddc7d20cf517253f736cd794a1545bd1e641b6011e45cb00ec27

Analysis

max time kernel
206s
max time network
251s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b9af6eef4c997d51aede2a0b1fd602e.exe
Size

451KB
MD5

7b9af6eef4c997d51aede2a0b1fd602e
SHA1

66c57d2f5065c2b6c01d2969d86f6fc0ec2d5f0d
SHA256

160fd1c01ef8ddc7d20cf517253f736cd794a1545bd1e641b6011e45cb00ec27
SHA512

dcc582dc1fb5716daa8fb8f425dc0ebbacb61c4d2776eef1fe33b0f2c82cf06e6a882545c1f0837d9a5ba72a066a0ef3e1890955900f7a50e369a909356b6711
SSDEEP

6144:7OoM2iSrUT2nTNtY/ccGKwp2sCaAWWaoRk/9tkTgK4syconxxmimx0awsPYU:amnTNtY/nwp27Jz4mBZonqasn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2932	installer.exe

Loads dropped DLL 5 IoCs

pid	Process
2084	7b9af6eef4c997d51aede2a0b1fd602e.exe
2084	7b9af6eef4c997d51aede2a0b1fd602e.exe
2084	7b9af6eef4c997d51aede2a0b1fd602e.exe
2084	7b9af6eef4c997d51aede2a0b1fd602e.exe
2084	7b9af6eef4c997d51aede2a0b1fd602e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	installer.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2932	installer.exe
2932	installer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2932	2084	7b9af6eef4c997d51aede2a0b1fd602e.exe	28
PID 2084 wrote to memory of 2932	2084	7b9af6eef4c997d51aede2a0b1fd602e.exe	28
PID 2084 wrote to memory of 2932	2084	7b9af6eef4c997d51aede2a0b1fd602e.exe	28
PID 2084 wrote to memory of 2932	2084	7b9af6eef4c997d51aede2a0b1fd602e.exe	28

C:\Users\Admin\AppData\Local\Temp\7b9af6eef4c997d51aede2a0b1fd602e.exe
"C:\Users\Admin\AppData\Local\Temp\7b9af6eef4c997d51aede2a0b1fd602e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\Temporary files\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\Temporary files\installer.exe" /path="C:\Users\Admin\AppData\Local\Temp\7b9af6eef4c997d51aede2a0b1fd602e.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Temporary files\parent.txt

Filesize
451KB

MD5
7b9af6eef4c997d51aede2a0b1fd602e

SHA1
66c57d2f5065c2b6c01d2969d86f6fc0ec2d5f0d

SHA256
160fd1c01ef8ddc7d20cf517253f736cd794a1545bd1e641b6011e45cb00ec27

SHA512
dcc582dc1fb5716daa8fb8f425dc0ebbacb61c4d2776eef1fe33b0f2c82cf06e6a882545c1f0837d9a5ba72a066a0ef3e1890955900f7a50e369a909356b6711

Download Submit
\Users\Admin\AppData\Local\Temp\Temporary files\installer.exe

Filesize
5KB

MD5
dbcb2752538c2258b03406e2df7e485c

SHA1
390152b5949bb0e6599d41a58ec4f431d16ab0b0

SHA256
fd072cd876c0896e00a40a3c28f6ad4637e03cf90c444763e462bc067513048a

SHA512
e0cb840c8f6cbd7a3c24c78f2fe2c85b5706f556b39e408756528d8b139a662e177713be350821520478f7538faa39cd2b51922103f830195215a18be638953e

Download Submit
memory/2932-14-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-7-0x00000000005A0000-0x00000000005E2000-memory.dmp

Filesize
264KB

Download
memory/2932-10-0x000007FEF5700000-0x000007FEF609D000-memory.dmp

Filesize
9.6MB

Download
memory/2932-11-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-12-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-13-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-8-0x000007FEF5700000-0x000007FEF609D000-memory.dmp

Filesize
9.6MB

Download
memory/2932-9-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-21-0x00000000208C0000-0x0000000021066000-memory.dmp

Filesize
7.6MB

Download
memory/2932-26-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-27-0x000007FEF5700000-0x000007FEF609D000-memory.dmp

Filesize
9.6MB

Download
memory/2932-28-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-29-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download
memory/2932-30-0x0000000000D60000-0x0000000000DE0000-memory.dmp

Filesize
512KB

Download