d5d815de5a9b110f0903ec720d67b8a91e910d6dfcc8d72d5f945adbe6b9eef4

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1925e2bc7b1f1de32976828c2b635fab.exe
Size

606KB
MD5

1925e2bc7b1f1de32976828c2b635fab
SHA1

1587dcfca37249e68180374aadfe4409a2fce9ae
SHA256

d5d815de5a9b110f0903ec720d67b8a91e910d6dfcc8d72d5f945adbe6b9eef4
SHA512

22d506433c006a8807a0d0736413c085d38cdbea825d60cd4763acb2eedc16d1b82309af5d0e8f475366c4abe436b2a70a4cdd3db8d75f6ee06adb4efa452148
SSDEEP

12288:LbwWRS5sc+ID9NODMQ7XJAK4bIrZ+sTkpUjHfK65Pl/jTz:jRS53NODMNbIrZ/Tdj/759z

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ANS2000.INI	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\system.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\win.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File created	C:\Windows\a3kebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File opened for modification	C:\Windows\akebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe
File created	C:\Windows\akebook.ini	1925e2bc7b1f1de32976828c2b635fab.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\IESettingSync	1925e2bc7b1f1de32976828c2b635fab.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	1925e2bc7b1f1de32976828c2b635fab.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	1925e2bc7b1f1de32976828c2b635fab.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	1925e2bc7b1f1de32976828c2b635fab.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1888	1925e2bc7b1f1de32976828c2b635fab.exe
1888	1925e2bc7b1f1de32976828c2b635fab.exe
1888	1925e2bc7b1f1de32976828c2b635fab.exe
1888	1925e2bc7b1f1de32976828c2b635fab.exe

C:\Users\Admin\AppData\Local\Temp\1925e2bc7b1f1de32976828c2b635fab.exe
"C:\Users\Admin\AppData\Local\Temp\1925e2bc7b1f1de32976828c2b635fab.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\VGX7540.tmp

Filesize
18KB

MD5
4907372316718a4049031cb1fbffbcaa

SHA1
02ac5275ec06d9b1817452d43dbcd0d43d2616c0

SHA256
d431d1fba117e588ec491ad130077a9ec8d0c8c15035aa1ed6008f5aa5740f97

SHA512
1de920f95916f20181c272e5a579df4b8b256b4883fe8550238bf664356af6c79d3f61b00ab98643f3c62cffb111173b5013a5e5e6a1e449cbef0aaad98f2fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX7570.tmp

Filesize
5KB

MD5
fab73a467d7d42828c8827243ccec190

SHA1
0d3c49bc8cb7e6a1477b0c68cddb80aec485398d

SHA256
5a8e64982859c49e7d8c9251c68cdb6c852788e3904f8272326ba5ec59dba649

SHA512
f47eb3d8ac450327cf338a49c6b264214f62a3de116d7fbe0c1965dc69640765ded0996db9bc1a4a0dd1b6e1a669a39beb666582aaf334501522854e23e916bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX7591.tmp

Filesize
42KB

MD5
8d4cbf8d20eed83c9f15f1ef93b6c32b

SHA1
661ecba163e27928ab4b4502fc98c9a8bf74abb4

SHA256
dd12f5f4407db5e1c09c5f55fe915117bea0505af9b636b6c76b2ed5bc87d296

SHA512
63ff79257c66429118c8c9704797339b38f4885786543c16911070909ce08e8ddf1a09317db34f96dc19f3bf7581f88b4f0911e36e881dc73c7ad43ccab161c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX7592.tmp

Filesize
27KB

MD5
fda05ab8c47441426ffbc5c445c2e1e1

SHA1
da8052a5c9d773cd63648e4bf5df759043191bac

SHA256
209c1f27f995b667a025bb5977b2b17cbaf97809ebdfb0dd321d3e2209bedd15

SHA512
d1a651c9d6cb6e8745947234effa97129f3755003aeedd6332f58629201cf209fe8ca97dc417a17ad096c91903cfd8539edd25a3c57cbdd034a67f956e1f1922

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX75A2.tmp

Filesize
35KB

MD5
fa3082ded851db5e81161cd25ce1a05a

SHA1
34037d042cd4473d07685861fd1b5b980781f6bf

SHA256
8d5b36d4b771541d6057e42a1a7d9905add8c1bc26ba08d167f576d89df8d645

SHA512
1b57874d9117906010d99fd01f3d288b344e737bd3d487b910058a3338128787708d85adc8f1c098bea69c45513c7c61946e4c20caf86788fd5a040c9375ed55

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX75A3.tmp

Filesize
28KB

MD5
8b853d9307e1ed769888012da81fce82

SHA1
1dacf3ec24fc00cc4db3344a84ae39b423dddc88

SHA256
ed18e9c25590d976d923448eee0b69ebb6f472f874b21f89e69ef6e8ecf5e11e

SHA512
52102b5199f4f199128389c2749a1ee5f2d2d8e722c3f03545018c871135c1eaab17389252b3a03d5e34b7692d68f33525ac73963017bccdba4b311947b51dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\VGX75A4.tmp

Filesize
31KB

MD5
eac8c39dda105d4eac117aa45df85eae

SHA1
edd739ed6beffb798611c20e6d1824d8857f34a9

SHA256
cdbdb9f0018d0ccc79030d9f8fbf6c13a00c57388b529f2fcfeaeb8d3f998a58

SHA512
1e0e741322952eeda31de069fe12a8a8668674b3fd20e6bade17f73b6a3746cc7c465288d4caa988e2b02b31d9bc210c8e5a8561a763dae5a0ba9637d1a352be

Download Submit
C:\Users\Admin\AppData\Local\Temp\e\88323-091114-090740-93.a2k\index.htm

Filesize
9KB

MD5
c86a29ba141ec2839f4d2e730d2d31ec

SHA1
0f6b5f74dff67f40522b344e15beb8d7a2d34d1a

SHA256
77754e1955e642b61180dbf99124ccdeada18d16be05c2b4a56f11330caf6a00

SHA512
6e8803af1538f71de66184b731c2a2f38877e2757515e948239efcba6a37779d89ec787f1d972e31c09f6e15028e3bf9f9f5220363c2ac014efa3598339acf0c

Download Submit
C:\Windows\system.ini

Filesize
277B

MD5
a27239b072ad7e32fa27b2f8cd61bc4a

SHA1
1cdf408d5361137b230db65a399700bd9788dd7e

SHA256
f9e89f354a8b5642a55b9ca5c71351784ecb252df79821a8eb458b8cec43aa69

SHA512
487ca9d38eac8ec067c944fe7280c328eeaac9e0894199d763b5c3592976ca6190f87046f9b6cd1f1d1401ac41ccd05f3398cd1b63eaefa4e6605f8719b04315

Download Submit
C:\Windows\win.ini

Filesize
183B

MD5
0247476e71108f005f649204b456f518

SHA1
cc42494d850193799562e2c6aef7473b9d4f4325

SHA256
03fe187ec1518aa33cda1e24b71f592af45fde835abb92cc03db7e568efefa13

SHA512
d634a8b44c8db0c72fafda92b9c034ff3dc61c8e37d2358821c94380b72afc7668a283ad6ef5c553e15be13cf74385e396f431489968d278fa716260f20daa94

Download Submit