e1a28615b2edea67f116b77fe939e93af4d92590ed8c243316e64675c7045daf

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

041b87b0566124fb57bceb33ba263105.exe
Size

344KB
MD5

041b87b0566124fb57bceb33ba263105
SHA1

d3819c526a60059c80a0a29d4a72057aaee737f6
SHA256

e1a28615b2edea67f116b77fe939e93af4d92590ed8c243316e64675c7045daf
SHA512

0cd5c36885872caea4578ffaa4fdd8db4ccae113ccd789f4d0961283474e8f3d5c34b0388bffdaa51d2888ebcd03e38a4b2eefe5e39f679811c39099f11b8454
SSDEEP

6144:OBfosESuJD5MhiL6w1NQA+Bw9AxYyFpT5j0M0m5Vit0iiOMbovssm1BkM2nVL:OBfPUJFneSNvle9jtj0M0m5xlVmZll

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	041b87b0566124fb57bceb33ba263105.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	041b87b0566124fb57bceb33ba263105.exe

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ = "this is my ebook"	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\041b87b0566124fb57bceb33ba263105.MyNSHandler	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\041b87b0566124fb57bceb33ba263105.MyNSHandler\Clsid	041b87b0566124fb57bceb33ba263105.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\041b87b0566124fb57bceb33ba263105.MyNSHandler\Clsid\ = "{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}"	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ProgID	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}	041b87b0566124fb57bceb33ba263105.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\LocalServer32	041b87b0566124fb57bceb33ba263105.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\041b87b0566124fb57bceb33ba263105.exe"	041b87b0566124fb57bceb33ba263105.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\041b87b0566124fb57bceb33ba263105.MyNSHandler\ = "this is my ebook"	041b87b0566124fb57bceb33ba263105.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E8CFC029-8420-4EAE-ADEF-915BDC77E1DC}\ProgID\ = "041b87b0566124fb57bceb33ba263105.MyNSHandler"	041b87b0566124fb57bceb33ba263105.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2500	041b87b0566124fb57bceb33ba263105.exe
2500	041b87b0566124fb57bceb33ba263105.exe

C:\Users\Admin\AppData\Local\Temp\041b87b0566124fb57bceb33ba263105.exe
"C:\Users\Admin\AppData\Local\Temp\041b87b0566124fb57bceb33ba263105.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2500-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2500-17-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download
memory/2500-19-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download