d5d815de5a9b110f0903ec720d67b8a91e910d6dfcc8d72d5f945adbe6b9eef4

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1925e2bc7b1f1de32976828c2b635fab.exe
Size

606KB
MD5

1925e2bc7b1f1de32976828c2b635fab
SHA1

1587dcfca37249e68180374aadfe4409a2fce9ae
SHA256

d5d815de5a9b110f0903ec720d67b8a91e910d6dfcc8d72d5f945adbe6b9eef4
SHA512

22d506433c006a8807a0d0736413c085d38cdbea825d60cd4763acb2eedc16d1b82309af5d0e8f475366c4abe436b2a70a4cdd3db8d75f6ee06adb4efa452148
SSDEEP

12288:LbwWRS5sc+ID9NODMQ7XJAK4bIrZ+sTkpUjHfK65Pl/jTz:jRS53NODMNbIrZ/Tdj/759z

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ANS2000.INI	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\system.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\win.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File created	C:\Windows\a3kebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\akebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File created	C:\Windows\akebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	1925e2bc7b1f1de32976828c2b635fab.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	1925e2bc7b1f1de32976828c2b635fab.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	1925e2bc7b1f1de32976828c2b635fab.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2424	1925e2bc7b1f1de32976828c2b635fab.exe
2424	1925e2bc7b1f1de32976828c2b635fab.exe
2424	1925e2bc7b1f1de32976828c2b635fab.exe
2424	1925e2bc7b1f1de32976828c2b635fab.exe

C:\Users\Admin\AppData\Local\Temp\1925e2bc7b1f1de32976828c2b635fab.exe
"C:\Users\Admin\AppData\Local\Temp\1925e2bc7b1f1de32976828c2b635fab.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VGX6BDE.tmp

Filesize
18KB

MD5
4907372316718a4049031cb1fbffbcaa

SHA1
02ac5275ec06d9b1817452d43dbcd0d43d2616c0

SHA256
d431d1fba117e588ec491ad130077a9ec8d0c8c15035aa1ed6008f5aa5740f97

SHA512
1de920f95916f20181c272e5a579df4b8b256b4883fe8550238bf664356af6c79d3f61b00ab98643f3c62cffb111173b5013a5e5e6a1e449cbef0aaad98f2fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6BFE.tmp

Filesize
5KB

MD5
fab73a467d7d42828c8827243ccec190

SHA1
0d3c49bc8cb7e6a1477b0c68cddb80aec485398d

SHA256
5a8e64982859c49e7d8c9251c68cdb6c852788e3904f8272326ba5ec59dba649

SHA512
f47eb3d8ac450327cf338a49c6b264214f62a3de116d7fbe0c1965dc69640765ded0996db9bc1a4a0dd1b6e1a669a39beb666582aaf334501522854e23e916bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6C0F.tmp

Filesize
42KB

MD5
8d4cbf8d20eed83c9f15f1ef93b6c32b

SHA1
661ecba163e27928ab4b4502fc98c9a8bf74abb4

SHA256
dd12f5f4407db5e1c09c5f55fe915117bea0505af9b636b6c76b2ed5bc87d296

SHA512
63ff79257c66429118c8c9704797339b38f4885786543c16911070909ce08e8ddf1a09317db34f96dc19f3bf7581f88b4f0911e36e881dc73c7ad43ccab161c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6C1F.tmp

Filesize
27KB

MD5
fda05ab8c47441426ffbc5c445c2e1e1

SHA1
da8052a5c9d773cd63648e4bf5df759043191bac

SHA256
209c1f27f995b667a025bb5977b2b17cbaf97809ebdfb0dd321d3e2209bedd15

SHA512
d1a651c9d6cb6e8745947234effa97129f3755003aeedd6332f58629201cf209fe8ca97dc417a17ad096c91903cfd8539edd25a3c57cbdd034a67f956e1f1922

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6C30.tmp

Filesize
35KB

MD5
fa3082ded851db5e81161cd25ce1a05a

SHA1
34037d042cd4473d07685861fd1b5b980781f6bf

SHA256
8d5b36d4b771541d6057e42a1a7d9905add8c1bc26ba08d167f576d89df8d645

SHA512
1b57874d9117906010d99fd01f3d288b344e737bd3d487b910058a3338128787708d85adc8f1c098bea69c45513c7c61946e4c20caf86788fd5a040c9375ed55

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6C31.tmp

Filesize
28KB

MD5
8b853d9307e1ed769888012da81fce82

SHA1
1dacf3ec24fc00cc4db3344a84ae39b423dddc88

SHA256
ed18e9c25590d976d923448eee0b69ebb6f472f874b21f89e69ef6e8ecf5e11e

SHA512
52102b5199f4f199128389c2749a1ee5f2d2d8e722c3f03545018c871135c1eaab17389252b3a03d5e34b7692d68f33525ac73963017bccdba4b311947b51dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX6C42.tmp

Filesize
31KB

MD5
eac8c39dda105d4eac117aa45df85eae

SHA1
edd739ed6beffb798611c20e6d1824d8857f34a9

SHA256
cdbdb9f0018d0ccc79030d9f8fbf6c13a00c57388b529f2fcfeaeb8d3f998a58

SHA512
1e0e741322952eeda31de069fe12a8a8668674b3fd20e6bade17f73b6a3746cc7c465288d4caa988e2b02b31d9bc210c8e5a8561a763dae5a0ba9637d1a352be

Download Submit
C:\Users\Admin\AppData\Local\Temp\e\88323-091114-090740-93.a2k\index.htm

Filesize
60KB

MD5
aaaff62206587a72bb3acf092174fe63

SHA1
a17fc036ab475efb0de3bb2a42dbd789637420ef

SHA256
fd7aa318a02261e68c2b20ee9121efa802e92b4775fe7269ad95c76e21a6a041

SHA512
19845127ea9112e7d27ca0c11178b437f881832d0e3c0cf89f3a295cf131cdc42a4efc5716cf29fc9322fd9f7db25e6ac36a6659f42124b6fdb057b21dda5eb9

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
3fc6909df7a2af35d7b467947230ac23

SHA1
23ab852220f8f4f55556f37c591d60c066cc034f

SHA256
62698469aea334aceabd149152d2798a62ab1cbd7235800f5a515f7291a6a602

SHA512
16e8872864d77ddb536c4d9eb4c52b6ce6529d57cbd88c39058a6a2cce4e329732539b2ca445eb1b51d08b2aa715ffd6b4e703c59d92b0d6f2906b53d4bcbc3d

Download Submit
C:\Windows\win.ini

Filesize
569B

MD5
92beccbdc0f19fb54aec85916fc8208d

SHA1
d3a0eeb137900b798f5c6fe11a87c5ccd27d1472

SHA256
27c05010749f3c1897421c5bdb9d6a2990159ad0b3a0ec44753f91b4e2aeff69

SHA512
704dcc62dd4cca1c9103f728e7b2ada154aa411df9fbccb25408e558970750bc16e4949b4825e9231694e0b110875f78091812522bc6a1055cee19c754b0d71b

Download Submit