c3b22c94069ddc15e1d21384deaf7bd45684576206bac097cfe9b4222b5433a2

General

Target

1fc8e8956e33ea65b35d74d113bc8ccf.exe
Size

348KB
MD5

1fc8e8956e33ea65b35d74d113bc8ccf
SHA1

5cbff7cc1330e17cd4032af2bd3a18a613d667f7
SHA256

c3b22c94069ddc15e1d21384deaf7bd45684576206bac097cfe9b4222b5433a2
SHA512

582b7ba6caa22943f695234b0fe376b9b819e558a818c0f3cf16a7ee6950d5a15a77650f9bcc14bcc223587eeaaa71db4a9c2fe65581ecf81707bfc847f140be
SSDEEP

6144:TNHLmah7MZ4EBb5S+d4vXED8fl5hnl+BT3ufSRzRFHvijeNU2/:Tl7a4Z88frhnc+qRzRFHqjeNUi

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\newname = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1fc8e8956e33ea65b35d74d113bc8ccf.exe"	1fc8e8956e33ea65b35d74d113bc8ccf.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	\??\c:\windows\newname.dat	1fc8e8956e33ea65b35d74d113bc8ccf.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	1fc8e8956e33ea65b35d74d113bc8ccf.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2368	1fc8e8956e33ea65b35d74d113bc8ccf.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2368	1fc8e8956e33ea65b35d74d113bc8ccf.exe
2368	1fc8e8956e33ea65b35d74d113bc8ccf.exe
2368	1fc8e8956e33ea65b35d74d113bc8ccf.exe

C:\Users\Admin\AppData\Local\Temp\1fc8e8956e33ea65b35d74d113bc8ccf.exe
"C:\Users\Admin\AppData\Local\Temp\1fc8e8956e33ea65b35d74d113bc8ccf.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2368-2-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-3-0x0000000003EE0000-0x0000000003EE1000-memory.dmp

Filesize
4KB

Download
memory/2368-16-0x0000000004460000-0x0000000004461000-memory.dmp

Filesize
4KB

Download
memory/2368-17-0x0000000004500000-0x0000000004501000-memory.dmp

Filesize
4KB

Download
memory/2368-15-0x0000000004440000-0x0000000004441000-memory.dmp

Filesize
4KB

Download
memory/2368-14-0x0000000004520000-0x0000000004521000-memory.dmp

Filesize
4KB

Download
memory/2368-13-0x0000000004540000-0x0000000004541000-memory.dmp

Filesize
4KB

Download
memory/2368-12-0x0000000004510000-0x0000000004511000-memory.dmp

Filesize
4KB

Download
memory/2368-11-0x0000000004550000-0x0000000004551000-memory.dmp

Filesize
4KB

Download
memory/2368-10-0x0000000004470000-0x0000000004471000-memory.dmp

Filesize
4KB

Download
memory/2368-9-0x0000000004490000-0x0000000004491000-memory.dmp

Filesize
4KB

Download
memory/2368-8-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/2368-7-0x00000000044A0000-0x00000000044A2000-memory.dmp

Filesize
8KB

Download
memory/2368-6-0x0000000004530000-0x0000000004531000-memory.dmp

Filesize
4KB

Download
memory/2368-5-0x0000000000850000-0x0000000000851000-memory.dmp

Filesize
4KB

Download
memory/2368-4-0x0000000003E90000-0x0000000003E91000-memory.dmp

Filesize
4KB

Download
memory/2368-18-0x0000000006220000-0x0000000007282000-memory.dmp

Filesize
16.4MB

Download
memory/2368-31-0x0000000003E80000-0x0000000003E81000-memory.dmp

Filesize
4KB

Download
memory/2368-32-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-33-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-34-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-35-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-36-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-37-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-38-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-39-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-40-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-41-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-42-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-43-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-44-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-45-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download
memory/2368-46-0x0000000000400000-0x00000000004D5000-memory.dmp

Filesize
852KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads