10616628e228cc687ba78da28837a179702760b7604bbd86fb5c214dc58f612f

General

Target

0c928ea662fbf9b5be52bf4c7cb7bd58.exe
Size

3.1MB
MD5

0c928ea662fbf9b5be52bf4c7cb7bd58
SHA1

00025bce1664a0e180189e599e7fd1501fbce63e
SHA256

10616628e228cc687ba78da28837a179702760b7604bbd86fb5c214dc58f612f
SHA512

b45bd9174150ca32b06aa8a922a4aef5c4fa898b1644dab208385a0dd0a029428520af50bf57edcc89b6fb351df0d3747f7b56a73020ec36ff8838e647a73505
SSDEEP

49152:Fvm22KmZWXqrJry+JGfKWEQoFsmyUiG4/wlrUbyI1EYwLVT5kUvgJSgHT6ojkxFn:5mJZWgry+ajoFZyR6dlzVLUjH5oxFbxx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2024	BB15.tmp
2828	0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Loads dropped DLL 2 IoCs

pid	Process
2020	0c928ea662fbf9b5be52bf4c7cb7bd58.exe
2024	BB15.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2024	BB15.tmp

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2828	0c928ea662fbf9b5be52bf4c7cb7bd58.exe
2828	0c928ea662fbf9b5be52bf4c7cb7bd58.exe
2828	0c928ea662fbf9b5be52bf4c7cb7bd58.exe
2828	0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2024	2020	0c928ea662fbf9b5be52bf4c7cb7bd58.exe	28
PID 2020 wrote to memory of 2024	2020	0c928ea662fbf9b5be52bf4c7cb7bd58.exe	28
PID 2020 wrote to memory of 2024	2020	0c928ea662fbf9b5be52bf4c7cb7bd58.exe	28
PID 2020 wrote to memory of 2024	2020	0c928ea662fbf9b5be52bf4c7cb7bd58.exe	28
PID 2024 wrote to memory of 2828	2024	BB15.tmp	29
PID 2024 wrote to memory of 2828	2024	BB15.tmp	29
PID 2024 wrote to memory of 2828	2024	BB15.tmp	29
PID 2024 wrote to memory of 2828	2024	BB15.tmp	29

C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe
"C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\BB15.tmp
  "C:\Users\Admin\AppData\Local\Temp\BB15.tmp" --splashC:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe 584069D2DC5BC5D407F96440A163B78686C9680FBA202E0CE03716C9873DC40ABF808C9263AF007C732C633162D349C4ACFD5FA0F97EF106ABDD4037A60F0C9E
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe
    "C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe"
    3⤵
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Filesize
355KB

MD5
2307a901e61e883d999ad9183b05292a

SHA1
00a16264bb03e157b1d4e80190402fe5fe6a5736

SHA256
f3544ed44ce6307727d005b54f742b4942b52be7f83e07813ce90c36c7055e35

SHA512
789f3ae61f1237ff7b5725788ad856d28da8c0a5c4012d88f3f32c10af90e6667648f3ae54c1eda6b5dde8c3512d9f7ddb2daf9330b4504452fb80e924a608a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Filesize
246KB

MD5
90b4fb5200b4fd35cd869babe836ae4c

SHA1
6058f25b7f9ce5f078f58809f2504814fc86a0b9

SHA256
56180544b6e90309d969e2cac3facfdaf8578068030b102de96e181d48f0fd37

SHA512
c2c095adebca4940fa520d770604074a913252eb150d83717103d845271c465c19763e8c4696e4f31c69c70b3c4889974aebd95bba3678cd23725a98181f1dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Filesize
134KB

MD5
93ff15b19cf365fac86b8641f11835c0

SHA1
556e0d6f18dda368ab1d1a56f164186ebed55128

SHA256
4851c6e60fda0d0681239b79e65d0f03ce9308c770149e9d1d71dc6f8f1dcf13

SHA512
53886210d9c72cd4f77a11a0388ea53c608fd754ca55a4e6d39ce6e2f26379a8a4bac79bc3b535d4ff3f704bc9abe2ec0693577b230714c9ef97c7af88d809f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\BB15.tmp

Filesize
1.1MB

MD5
769f1539ca8e858738d5c81e9988ac1d

SHA1
f54ca2d100fc795888b49d608b57f0dc553045eb

SHA256
14681f6d4110141a274916d0f6e3f59ad3829726d96ed3eb6eb03935e9d8843b

SHA512
ab0d1d91fb5c6d705ab115f5064b93631d7bba07ebdea568afd66f776358c8d159779f5399fb3c68c46775da04a04151bf92d20adf8b13b9aeff02f9b81563cc

Download Submit
\Users\Admin\AppData\Local\Temp\0c928ea662fbf9b5be52bf4c7cb7bd58.exe

Filesize
146KB

MD5
23ee9b6c569302289bff1f102a22f4e1

SHA1
831d727a44fc8e3b3268301c01ea34bbc52cd92f

SHA256
8f1cbb4d9fb1428fe1900fe863dec65cbbe2cd4d65f07466f3429bc5dd39d41b

SHA512
f309712d8ed24e7d2fdbe619e34186e3bea15ca398ab26fc0564292b0cef00bf8c6e3efca148c68152868058929ce57e15e33960a8b6310af5f154146e545aab

Download Submit
\Users\Admin\AppData\Local\Temp\BB15.tmp

Filesize
1.2MB

MD5
68d13c41e1229a4c460ad92926a208b6

SHA1
b6282a626b908c86156dabb5919cd4cacae06ed3

SHA256
43952b935f430093fa05594a2863f605bccde1a917f65795ed7fd90787f5f354

SHA512
6fd39be73b2234ba31e818e0c2206303898f4773c0acbad5e977e8d6f7f26e79f6ff50d2f2361a1637c5aeae9958b093f388af3e11474c4b825aa2f67272d52a

Download Submit
memory/2020-0-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download
memory/2024-6-0x0000000000400000-0x000000000071F000-memory.dmp

Filesize
3.1MB

Download
memory/2024-14-0x0000000002A40000-0x0000000002E65000-memory.dmp

Filesize
4.1MB

Download
memory/2828-16-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/2828-15-0x0000000000190000-0x00000000005B5000-memory.dmp

Filesize
4.1MB

Download
memory/2828-72-0x0000000000190000-0x00000000005B5000-memory.dmp

Filesize
4.1MB

Download
memory/2828-74-0x00000000000F0000-0x00000000000F3000-memory.dmp

Filesize
12KB

Download
memory/2828-78-0x0000000000190000-0x00000000005B5000-memory.dmp

Filesize
4.1MB

Download

Analysis

Sharing