15b3fec5c9b2d1711736bf968daac23d4562416a5e4d1aaf89f4a348192a7bbf

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2011a0a3177e513c58421226ff1261e4.exe
Size

412KB
MD5

2011a0a3177e513c58421226ff1261e4
SHA1

5b18e4dc05b80613c2da58769f2e8869fc0be15d
SHA256

15b3fec5c9b2d1711736bf968daac23d4562416a5e4d1aaf89f4a348192a7bbf
SHA512

6dd1d7bdc3d3d8f42a0c76161b6ad0ddf7853847fb99d36a7e7f226f113fd2ed52e939345e21855e570ee70f1b33885d0f54e3b72b27e326a228100564d3354e
SSDEEP

6144:akc9Ws12eA6BNkgEsDerjAOKAOJU2yIHP7y9T2Tbab5GMUuwwMoI:Bs21sDerjQP7yt2TuvGRoI

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
688	2011a0a3177e513c58421226ff1261e4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 1588	688	2011a0a3177e513c58421226ff1261e4.exe	28
PID 688 wrote to memory of 1588	688	2011a0a3177e513c58421226ff1261e4.exe	28
PID 688 wrote to memory of 1588	688	2011a0a3177e513c58421226ff1261e4.exe	28
PID 688 wrote to memory of 1588	688	2011a0a3177e513c58421226ff1261e4.exe	28

C:\Users\Admin\AppData\Local\Temp\2011a0a3177e513c58421226ff1261e4.exe
"C:\Users\Admin\AppData\Local\Temp\2011a0a3177e513c58421226ff1261e4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" c:\ad051690-6da9-48e2-b141-9b9782a99404\start.hta
  2⤵
  - Modifies Internet Explorer settings
  PID:1588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\ad051690-6da9-48e2-b141-9b9782a99404\loader.gif

Filesize
1KB

MD5
e88ebd85dd56110ac6ea93fe0922988e

SHA1
684a31d864d33ff736234c41ac4e8d2c7f90d5ae

SHA256
379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

SHA512
211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

Download Submit
\??\c:\ad051690-6da9-48e2-b141-9b9782a99404\start.hta

Filesize
1KB

MD5
db4ada697fa7a0e215281533d52578e9

SHA1
fb755ea8371edf5065dc53e21eb413603f9eba7f

SHA256
f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

SHA512
9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

Download Submit
\ad051690-6da9-48e2-b141-9b9782a99404\InstallerHelper.dll

Filesize
132KB

MD5
b1e5e3a628512242c9bb809bd8164629

SHA1
9934a6c754079d010585a92a2b5ea3951234cd0a

SHA256
41eef66c6d2813acef2511b19b5341a9e8177b2bdcf8538a9b28017a4cb072d6

SHA512
0572f990d46cc0c753f8360d96dcb9596b97f5a4227922f8221a7b896dfe23a36274615dfbf39e2d00b3aa1b25fce46fdd5cea261a09ae94e671d5d53467e255

Download Submit