2196d8908dede412f04ece7195d8f8a99a0a74eb13458f0c7205b196ca51376d

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d81a41ab29a36b154c931184310248d.exe
Size

1.1MB
MD5

1d81a41ab29a36b154c931184310248d
SHA1

f24cc7da2165edacc941420e095596e7dbd09a2f
SHA256

2196d8908dede412f04ece7195d8f8a99a0a74eb13458f0c7205b196ca51376d
SHA512

9ed50df49d0446f6780a69bc65b1da0389245431daf8209feb6bedf256e7c2002fc52d297b12321089ae382d5b7542f47c74563bc1b77b1b171736cfbc73cbc2
SSDEEP

24576:mWvknOMEfBtYmcmAByGTHqjiJ7zz8MAG0iEX8ng7Smn9D4B0g+48+p:mUeOMmcmcmABLTHqsz8/Gpg9du8+p

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2932	1d81a41ab29a36b154c931184310248d.exe
2804	Setup.exe
2804	Setup.exe
2804	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28
PID 2932 wrote to memory of 2804	2932	1d81a41ab29a36b154c931184310248d.exe	28

C:\Users\Admin\AppData\Local\Temp\1d81a41ab29a36b154c931184310248d.exe
"C:\Users\Admin\AppData\Local\Temp\1d81a41ab29a36b154c931184310248d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
5KB

MD5
a891b0c9b4a163a43e001f3b7bbab687

SHA1
8b430743247dd42a4696fe7923fbea4ae549dc77

SHA256
cfb1e457316a5e777153ed1ea9f220882bee66113b6b736e6a3793b799914518

SHA512
c333225420e5da1f7667bf47b6ee62b1f01eaa66af0fde7697f666e9b11724fddd70c2cf8575c8a1fe0f3f0baf48613c289bda1734df85d54815136ab6477e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
11KB

MD5
e5bc637442cb6358bbe4e13f727a779b

SHA1
ca84b9c1bd6414cc008870b63acd91111a26886b

SHA256
5808be33952521a8c5e18822397a8852646ddd8f47d0b78da4785587174297fa

SHA512
efff6a0c6626506adc06156ed853c949ba72e9c529ab858a0d22bd3c2180e1dd2eb3a8c73464fc0c0120e9629cbccfcff204a43a010ecdaaac118c676cf21bcf

Download Submit
\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
20KB

MD5
71eb3ffc53f56223339fd2feba79f5c2

SHA1
d9ba006ace008e7df3c71271e08e5c7a5f056ee6

SHA256
9c508b944f1452471ffad3f166d20f9e62a04294a3f6b18a76ca53420725013b

SHA512
b50bde82f75184e63a648874ff4aef01af1915b3583f220e05e3c57feac82dcd91b8d2021a55fb5ae7bad95ed59f39190db0fb22e731f500aec5722310581516

Download Submit
\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
12KB

MD5
c34a7d75d7f87b5ef45b22d399368888

SHA1
0430533325a5e6ad63e2f3adff434cbec0ecdb4b

SHA256
862e684f6d69db271b031b407f7fefd7355b1cb550c1eeded395b7e500343ae6

SHA512
e1c5574fe0aba4fa56ba47245eb01ff77b384eb675870599d3f901fcf2f0dced9c3957ad426d2df874aaf3ea840f5a8d7e41254b640db4f9bfe5045490bb2d44

Download Submit
\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
12KB

MD5
5b06fca6eb8969c842c3c440ed303612

SHA1
aed47e28deeec663d260bb9d09df8a63476aa5f5

SHA256
5dd255e0dd214e235fb431105527d8377c567352d7c8f623e290c40fca8e82cf

SHA512
4abd05398fe2e69b7fb338d38d328abf3d1778324739fc853bf99bfd862b19b28e99347a89d2695cd912f9954592b94771842cac8a601e29a8e787791bce626a

Download Submit
\Users\Admin\AppData\Local\Temp\a2iX8bQpWg\nFpDUNiq\Setup.exe

Filesize
10KB

MD5
217b52c2451617348b0ec8781748be24

SHA1
5fa261659f89135a46125d38347f3284a1a3166e

SHA256
02d0f70b6b6b7f16fc3bbdb62f87071980ad089db060a6389dbfc88fc6aeb010

SHA512
ad1305c4892d0855c0956b7589a16179c512483f7adb288a5941ecd020cc1f63489b4c65ba76788f8b285150f9c35a97b17377ffa4709db4b18ea256ce848a85

Download Submit
memory/2804-843-0x0000000001F10000-0x000000000200E000-memory.dmp

Filesize
1016KB

Download
memory/2804-624-0x0000000001F10000-0x000000000200E000-memory.dmp

Filesize
1016KB

Download
memory/2932-48-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-23-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-12-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2932-11-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-13-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-14-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-8-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-15-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-18-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-20-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-21-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-24-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-25-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-56-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-22-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-26-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-28-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-29-0x0000000076840000-0x0000000076950000-memory.dmp

Filesize
1.1MB

Download
memory/2932-30-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-27-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-31-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-32-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-33-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-37-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-41-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-43-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-46-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-47-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-9-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-50-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-57-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-55-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-60-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-10-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-53-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-58-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-59-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-54-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-61-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-63-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-66-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-65-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-64-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-62-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-52-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-51-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-49-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-45-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-44-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-42-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-40-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-39-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-38-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-36-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-35-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-34-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-2-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-1-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2932-0-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-19-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-17-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-16-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-7-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-205-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-853-0x0000000000520000-0x000000000061E000-memory.dmp

Filesize
1016KB

Download
memory/2932-852-0x0000000076840000-0x0000000076950000-memory.dmp

Filesize
1.1MB

Download