bf62d4833960e5c82cec8236efd58ed16964b9e57fc0ba803bb461f22847768e

Analysis

max time kernel
163s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19b3f52c0ada0bd2bee71d7744b3c9c1.exe
Size

592KB
MD5

19b3f52c0ada0bd2bee71d7744b3c9c1
SHA1

30294ce2627bb467ceadfa92186d627dab60e77b
SHA256

bf62d4833960e5c82cec8236efd58ed16964b9e57fc0ba803bb461f22847768e
SHA512

f993afb6aea5b75cec1dda46a5de6a3e0a86046287f090e37c10913abd74de16746c5df5c28c594600f670d5f3319de879a18305532cb745f119b2b690fc7f5c
SSDEEP

12288:gfw5jx97iTFHwZ4R4ymmF3Z4mxxwV1quiY3+tK4TTxd:35jP7UGE4KQmXwMYY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4496	System

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system\System	19b3f52c0ada0bd2bee71d7744b3c9c1.exe
File opened for modification	C:\Windows\system\System	19b3f52c0ada0bd2bee71d7744b3c9c1.exe
File created	C:\Windows\Delete.bat	19b3f52c0ada0bd2bee71d7744b3c9c1.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	System
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	System
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	System
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	System
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	System

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4496	System

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 4664	2740	19b3f52c0ada0bd2bee71d7744b3c9c1.exe	93
PID 2740 wrote to memory of 4664	2740	19b3f52c0ada0bd2bee71d7744b3c9c1.exe	93
PID 2740 wrote to memory of 4664	2740	19b3f52c0ada0bd2bee71d7744b3c9c1.exe	93

C:\Users\Admin\AppData\Local\Temp\19b3f52c0ada0bd2bee71d7744b3c9c1.exe
"C:\Users\Admin\AppData\Local\Temp\19b3f52c0ada0bd2bee71d7744b3c9c1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Delete.bat
  2⤵
  PID:4664

C:\Windows\system\System
C:\Windows\system\System
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
PID:4496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.bat

Filesize
186B

MD5
594efc25e6bddd08f26a4206d1e76a1b

SHA1
ed6d65089611541da75572a4ea50ed131c42c89c

SHA256
090ad02e606ec380f42cf3889f6cc48e50773027abcb4d5241878b2dc39c017d

SHA512
54b9189c0ef151e014aea2bb5ca5e2c3af33b9c82e068aa9aee8d5935e0e9e2b7122922ba3df7a7acf2936adb89dd636696803c3fe9a6752275c6c70b8b724f4

Download Submit
C:\Windows\System\System

Filesize
216KB

MD5
1b42cc23adf723b86f1edf7b381d0707

SHA1
53facfab5cbb0e837fd7985bf073583453d752db

SHA256
9a15093bc55d7f3ab19830642514a51e37aa4486c2a16a5f5d4aceff4e54f5d5

SHA512
cff593fbb0fd43f10d732164883321d3377de4b35899ddb4a407d2d5cfae0564c693cebee8469aadf48daf77eaa20671546b7978e56c92adb8d003924d4930d5

Download Submit
C:\Windows\system\System

Filesize
242KB

MD5
55126462a04be1eede87ccf11d7bdf29

SHA1
cde075773ab85b0b16d3a8317be3d92e882db129

SHA256
f95aa923c9b56e6761464e7b8993adb127a0652289758fc641077b132dce5270

SHA512
eed763af162d8d59145c9e75a415379d97d63929563f9a4d73350c5d1961519984a690e9c97f86b28585a7e80e99b7df6314869e79506f2c9b315cf57aeee4c2

Download Submit
memory/2740-19-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/2740-23-0x00000000025C0000-0x00000000025C1000-memory.dmp

Filesize
4KB

Download
memory/2740-2-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/2740-3-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2740-5-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2740-6-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2740-7-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2740-4-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2740-15-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/2740-31-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/2740-30-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2740-29-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/2740-28-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/2740-27-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/2740-26-0x00000000022B0000-0x00000000022B1000-memory.dmp

Filesize
4KB

Download
memory/2740-25-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2740-24-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/2740-17-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/2740-22-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/2740-21-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2740-20-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/2740-0-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2740-18-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/2740-1-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download
memory/2740-12-0x0000000002550000-0x0000000002551000-memory.dmp

Filesize
4KB

Download
memory/2740-14-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2740-13-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/2740-16-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2740-11-0x00000000034F0000-0x00000000034F3000-memory.dmp

Filesize
12KB

Download
memory/2740-10-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2740-9-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2740-8-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/2740-50-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2740-51-0x00000000022D0000-0x0000000002324000-memory.dmp

Filesize
336KB

Download
memory/4496-48-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/4496-36-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/4496-45-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/4496-46-0x0000000000720000-0x0000000000774000-memory.dmp

Filesize
336KB

Download
memory/4496-44-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/4496-49-0x00000000021D0000-0x00000000021D1000-memory.dmp

Filesize
4KB

Download
memory/4496-47-0x00000000011D0000-0x00000000011D1000-memory.dmp

Filesize
4KB

Download
memory/4496-37-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/4496-43-0x0000000002090000-0x0000000002091000-memory.dmp

Filesize
4KB

Download
memory/4496-42-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/4496-39-0x00000000011A0000-0x00000000011A1000-memory.dmp

Filesize
4KB

Download
memory/4496-38-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/4496-53-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download