Analysis
max time kernel: 150s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 07:12
Static task: static1
Behavioral task: behavioral1
  Sample: 11d739375f70fbf2a51dccbe75293a35.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 11d739375f70fbf2a51dccbe75293a35.exe
  Resource: win10v2004-20231215-en
General
Target: 11d739375f70fbf2a51dccbe75293a35.exe
Size: 1.1MB
MD5: 11d739375f70fbf2a51dccbe75293a35
SHA1: 6cbeec131d3cace645443befe35643f4ced81770
SHA256: 056b5d4aa688519340b8f282bd80037b561b19bb48d0464b0e5faf1ab4aeeba4
SHA512: 2ee7a65c2ef2c8af918ef6fd0ef832c05f1af6ac757ae793d41bf27c77b5731ee211b54a8abe12e728746310c061f6241d168c7122f4f56a28fe7cb3b77ed15d
SSDEEP: 24576:AWvknOMEflOR/ex3hLiD7+8fPm7TowN+U5yMn78+3ZrUl5:AUeOMmkRWxA7rf+7kAg0GH
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
  pid  | Process
  2620 | Setup.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Modifies Internet Explorer settings
  description     | ioc | Process
  Key created     | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS | Setup.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1" | Setup.exe
  Key created     | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN | Setup.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0" | Setup.exe
  Key created     | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND | Setup.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0" | Setup.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                   | pid  | Process                              | procid_target
  PID 3728 wrote to memory of 2620 | 3728 | 11d739375f70fbf2a51dccbe75293a35.exe | 92
  PID 3728 wrote to memory of 2620 | 3728 | 11d739375f70fbf2a51dccbe75293a35.exe | 92
  PID 3728 wrote to memory of 2620 | 3728 | 11d739375f70fbf2a51dccbe75293a35.exe | 92
Processes
1. C:\Users\Admin\AppData\Local\Temp\11d739375f70fbf2a51dccbe75293a35.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\11d739375f70fbf2a51dccbe75293a35.exe"
   - Suspicious use of WriteProcessMemory
   PID: 3728
   2. C:\Users\Admin\AppData\Local\Temp\a2fDKmawgX\21ia190x\Setup.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\a2fDKmawgX\21ia190x\Setup.exe --relaunch
      - Executes dropped EXE
      - Modifies Internet Explorer settings
      PID: 2620
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 60KB
  MD5: 0dae18461b78c3d419778e49c9abfcbc
  SHA1: 47561a09a9ed84e2fc7e061e753ecece48c88cd0
  SHA256: 5c24116e1b751067c66512902cc9a7949eaf3d1ad8f2683d9cb52bf86b6e388b
  SHA512: 6912232d35c107ed798a4cf9edcf348c472beeb5f50208601f45726ad34f8d2e1541267e49ca43f7d7d2f5b3ad70305fd42c85d2adf6351594fbd20170995553
- Filesize: 71KB
  MD5: 6ad408312f1e74b48d59a0d23e6c8845
  SHA1: 518496269dd4caa6e9f6ca78a862fa2e4e355380
  SHA256: c299afad2cc890f750a099bf6c7b5e3448b3d50a8d5be7d41b5535f74bf6c897
  SHA512: 116795834314d355bae13dd73e8ecd431a806266c37f6f174009205547bfa8b80a143818ffd10afc4347c46bd4c622808b26c6ca40bb2e2d981cbea422db6baa