adac839107c90a7edc0ac06c75a682f6fe1343f968e5dc8f20c7907c24406d45

Analysis

max time kernel
156s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

027a371ca62041fa8569e38f222a47c0.exe
Size

22.3MB
MD5

027a371ca62041fa8569e38f222a47c0
SHA1

02ac81b1a98cc166e761790e2f8ad1096dbc1f67
SHA256

adac839107c90a7edc0ac06c75a682f6fe1343f968e5dc8f20c7907c24406d45
SHA512

1d17bfbc5a69b90ad31e4d93c54459413480d890ff166640bf46d697e8a1f99208e179c4e13daf4d2e19f7ee83bb863e5ae3a7bada3df4b1d15eed43fadee56a
SSDEEP

98304:EcKH5J2HhH5JZq2HhH5iH5JZE5iH5JZ6NHhH5JZq2HhH5iH5JZE5i:E

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2620	zvqlex.exe

Loads dropped DLL 2 IoCs

pid	Process
2332	027a371ca62041fa8569e38f222a47c0.exe
2332	027a371ca62041fa8569e38f222a47c0.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	zvqlex.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2620	zvqlex.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2620	zvqlex.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2620	zvqlex.exe
2620	zvqlex.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2620	2332	027a371ca62041fa8569e38f222a47c0.exe	27
PID 2332 wrote to memory of 2620	2332	027a371ca62041fa8569e38f222a47c0.exe	27
PID 2332 wrote to memory of 2620	2332	027a371ca62041fa8569e38f222a47c0.exe	27
PID 2332 wrote to memory of 2620	2332	027a371ca62041fa8569e38f222a47c0.exe	27

C:\Users\Admin\AppData\Local\Temp\027a371ca62041fa8569e38f222a47c0.exe
"C:\Users\Admin\AppData\Local\Temp\027a371ca62041fa8569e38f222a47c0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\zvqlex.exe
  C:\Users\Admin\AppData\Local\Temp\zvqlex.exe -run C:\Users\Admin\AppData\Local\Temp\027a371ca62041fa8569e38f222a47c0.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zvqlex.exe

Filesize
62KB

MD5
327be1fbd55b2f98bde5216fbe15a179

SHA1
0b98faad1fafeca05258dcdef34f3e7c0598673c

SHA256
3958d0905a173c8640ababf6f30bbf74ee110299684ba04acbd07aa1a03408cb

SHA512
320fc795d805ae119759e30311306beef3354bd3b976a955c6a81ccb2f4932154c04b5b1f29db65d06aa24554779f2b7f338fbc940ab2aacb06c0b5b2af5ca01

Download Submit
C:\Users\Admin\AppData\Local\Temp\zvqlex.exe

Filesize
33KB

MD5
5d3c4d3a542ae9c14648fe69ee71a723

SHA1
629c30a08f60bcbe9c38d595d1963acf53162f31

SHA256
a0beb83880b98306462f65754471b888688c267d5717806d7582092d820ac889

SHA512
539539cb60e7ecd4f44b48d85c0d232d96a977f6956d9dfce6afbc65750b96a26efa7d984198352853b0ea7abd79b8cbfe33585284cfe5307b95c6adbf8193bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\zvqlex.exe

Filesize
23KB

MD5
055af2c870fb6a6e47c05ff0589b61e5

SHA1
ef924e1f5a6477c5c48dd1edbbcc376c8fccb559

SHA256
2e89dfe430967d6c56e8b7ffc8cde9faa4f3cc84df60b2747ca0b2c718a239f9

SHA512
89969f7e63fb2be768076c260635a2353d17e5cf765cc27821c4fd78acec9b37b1427ec3797956637dd8558acdcfe9169601001c11aa09424b98cec18114ac79

Download Submit
\Users\Admin\AppData\Local\Temp\zvqlex.exe

Filesize
45KB

MD5
16cc1342ad5516773c2d755a26dbe78d

SHA1
c2f1e58c768bfb565e326f80075065c50fe0d9b1

SHA256
b85270df4583aaaef078e4a69ad25b71273d7e955d98904e7637e5ddff4ec65a

SHA512
26ce3bb82fd78a351f8961863e7d3f9c4a4c148beb5e86451c73cdfc76c3e8cbeaf9fa2523f103094b837d5ae980edda3afd033b0a348d758c101b79c8f18267

Download Submit
\Users\Admin\AppData\Local\Temp\zvqlex.exe

Filesize
65KB

MD5
81ea152f2ab7d16931d448332c7a1d5c

SHA1
5dedffc3454d04eadd5e1c580e2234332627f483

SHA256
e6f7f6768fc068e036c994b6a30fd9aa832c6f38be288e74c00ed12359baec97

SHA512
1af609e0889fe7b595ac546d0dbab250e930e684b0680f200c372d26ab65de2c0efea1787fa8dab67fe448fe623fd00987d946d4af8d833c600b7534bb837917

Download Submit
memory/2332-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2332-8-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2332-7-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2332-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2332-5-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2332-4-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2332-2-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2332-3-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2332-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2332-26-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2332-25-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2332-24-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/2332-23-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2332-22-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2332-21-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2332-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2332-19-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/2332-18-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2332-17-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2332-16-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2332-15-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/2332-14-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/2332-13-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/2332-12-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2332-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2332-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-1-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/2332-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-10-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2332-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2332-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-54-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2332-60-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2332-59-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2332-61-0x0000000002310000-0x0000000002316000-memory.dmp

Filesize
24KB

Download
memory/2332-58-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2332-57-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2332-56-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2332-55-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2332-53-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2332-52-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2332-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2332-71-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/2332-69-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2332-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2620-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2620-72-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2620-121-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download