14f5361df518aa2c267f2bee4b368525e2f6b503e3f6cd584f443e37d28a2993

Analysis

max time kernel
118s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01a1652f5a70ccfc664b609cf3dcf71d.exe
Size

1.1MB
MD5

01a1652f5a70ccfc664b609cf3dcf71d
SHA1

c72c142305b698adeb76bc6e0c71eb2c27bfe947
SHA256

14f5361df518aa2c267f2bee4b368525e2f6b503e3f6cd584f443e37d28a2993
SHA512

b66606d112b1c830dfa0db89dd393f05457334b15b70682a2c391171a6a62eb050a955436700014132c8eca53c66f6596ddf7bb81188c3a895570aaf9d5f4658
SSDEEP

24576:mWvknOMEfKVom2/sEcf+VzXReSICqmHrXlxEPYDERi2Aq7rr+iDnNY:mUeOMmMVeS+Nh1zqyfEPliz+ndDNY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2416	01a1652f5a70ccfc664b609cf3dcf71d.exe
2684	Setup.exe
2684	Setup.exe
2684	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27
PID 2416 wrote to memory of 2684	2416	01a1652f5a70ccfc664b609cf3dcf71d.exe	27

C:\Users\Admin\AppData\Local\Temp\01a1652f5a70ccfc664b609cf3dcf71d.exe
"C:\Users\Admin\AppData\Local\Temp\01a1652f5a70ccfc664b609cf3dcf71d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
45KB

MD5
3f15e58831af8817bc5223fafa0864a5

SHA1
4813e13155352298c6b33b8672bfdb43c46062a2

SHA256
9d49d60d5b15a6f937c7ddeba8f53fc5ee695daa8124b5ea20cf62a9a82b9f79

SHA512
960c07dfad57109fff71d2dc305b9ee9eff28a4d7ca4238c8c4c81620fd388fdab1be77656fa264b2e9d4426ec63f0d6926c47cdcf12664e88f2006443166367

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
94KB

MD5
71c7569ca5584a44bee365ec67243353

SHA1
042afb57ea63aa265a331938c6e37cf81fcbc70c

SHA256
5fb9cd4fc797ce1641c339932646d3e4776c5d08b324b0a7b94cd1ab56c1eff8

SHA512
832fd1d329ad33ba6e13ff1be1fb63f60bd45e9fed7ea38c16b353c1d24f40d244b60a2c636401b6538383a37549044619c8aca206b4da7d698bf998f19ac342

Download Submit
\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
132KB

MD5
567aa988082b5dc5cb5f75bfa670fd01

SHA1
1290b6d44ed1dc08d8cc88ef700ee6eb5f8f7bb4

SHA256
4645f1b600f7d6abc13412bb6857c8c10a97f288ae2f9696b66c223ddfa399ef

SHA512
dedcc99b5ac29d6654787bbeab11a7e3b13263b8403c2e386fdf062678bbcb8f0c9c913619278a902363165a646ad95465ce9fd3bee284fa39c6a53c09aa0fa4

Download Submit
\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
1.1MB

MD5
97663a04625c0db6bc763721c6635467

SHA1
8d5bda7ce4e4627f98c898009223718e013964aa

SHA256
d7e837d696f35018f1672d2e7abe612d093b48bf19dd84e88b70099113880375

SHA512
c7e3f04685f4d3ca55829f3cc9c01acd4eeecfb202ebdfb533a04c77a1ddc9fcf32e9d09ce5fbf605442804826375f67b55c69b50fec06a52a46ab191cf7e53a

Download Submit
\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
736KB

MD5
bb01dcfec67a9df197181a0ea9ad8f0e

SHA1
967e2e813b2741290370dbb8a96d998108ab1ed1

SHA256
b122c3b8fef5e251c9f7d4a69d59c1803d0c9862b7a6e563239a76df5be8c59a

SHA512
a1345dcc2cf68f7549041177424896399ea469a0bca34b6d3f4f7f6cef999f72dc1c0eb5cd44ff7e35bfce89290ef35e4a0c29f375f0bb81e97eb4cc876e8d9a

Download Submit
\Users\Admin\AppData\Local\Temp\a2mzFwBA1f\7urXmVHE\Setup.exe

Filesize
1.0MB

MD5
4f18d82d8047c321232f0ef5de317f65

SHA1
6ccf200e8ac95150637404eef0817e4d1f620f6c

SHA256
33234cb76c405eadff2085572061b9307eda4793acd55e8fdd06a2d07f9ffbb5

SHA512
5aabff1a8d88b97e99b65e41dad9086b62ab7d11c11092863b2fb081d4c01b971b6ea66328f14762333ab9c0b8659d2dee64ed63c35be01f5c3a12cc258b16e6

Download Submit
memory/2416-40-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-18-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-7-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-10-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-11-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-12-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-9-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2416-13-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-15-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-16-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-17-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-14-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-8-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-45-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-21-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-24-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-25-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-22-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-23-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-20-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-26-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-28-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-29-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-27-0x0000000075460000-0x0000000075570000-memory.dmp

Filesize
1.1MB

Download
memory/2416-46-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-33-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-35-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-36-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-37-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-39-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-1-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-42-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-38-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-2-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2416-34-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-43-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-47-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-48-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-41-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-49-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-44-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-50-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-51-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-52-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-32-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-30-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-54-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-55-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-53-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-56-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-31-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-57-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-59-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-60-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-61-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-63-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-66-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-65-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-0-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-64-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-62-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-58-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-19-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-203-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2416-852-0x0000000075460000-0x0000000075570000-memory.dmp

Filesize
1.1MB

Download
memory/2416-853-0x00000000002B0000-0x00000000003AE000-memory.dmp

Filesize
1016KB

Download
memory/2684-843-0x0000000000A80000-0x0000000000B7E000-memory.dmp

Filesize
1016KB

Download
memory/2684-624-0x0000000000A80000-0x0000000000B7E000-memory.dmp

Filesize
1016KB

Download