Analysis
max time kernel: 140s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 02:41
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 24da857627324ee0ea08b24d38f21944.exe
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 24da857627324ee0ea08b24d38f21944.exe
Resource: win10v2004-20231222-en
0 signatures
150 seconds
General
Target: 24da857627324ee0ea08b24d38f21944.exe
Size: 3KB
MD5: 24da857627324ee0ea08b24d38f21944
SHA1: 0828769d394db52595a3f4f015ecec5ea4b9fa30
SHA256: ea9c45e206773a865afa73e18c2b4fff22cd797cee3640e8e12409204643346a
SHA512: 58ccb5e89ab8fa913f6c2dfed5f5658c5dbea6c9a07b451b057c4e0bcf4692c8067b1a00b459c905dd5c006f4bc45aed9c7b1f21c628bf89ec92d913947e294c
Score: 5/10
Malware Config
Signatures
Drops file in System32 directory (1 IoCs)
description: File opened for modification
ioc: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat
Process: 24da857627324ee0ea08b24d38f21944.exe

Modifies data under HKEY_USERS (24 IoCs)
Process for every entry below: 24da857627324ee0ea08b24d38f21944.exe
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f0093000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}\WpadDecisionReason = "1"
- Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a6-c0-83-b8-61-de
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a6-c0-83-b8-61-de\WpadDecisionReason = "1"
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a6-c0-83-b8-61-de\WpadDecision = "0"
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"
- Set value (str): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"
- Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}\WpadDecisionTime = 50d1e0d60d3dda01
- Set value (str): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}\WpadNetworkName = "Network 3"
- Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\a6-c0-83-b8-61-de\WpadDecisionTime = 50d1e0d60d3dda01
- Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- Set value (data): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}\WpadDecision = "0"
- Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}\a6-c0-83-b8-61-de
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"
- Set value (int): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"
- Set value (str): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix
- Set value (str): \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"
- Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{D5A799A3-80DE-45E7-BEA2-8BFA2299AFCD}
- Key created: \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
- Key created: \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Processes
- C:\Users\Admin\AppData\Local\Temp\24da857627324ee0ea08b24d38f21944.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\24da857627324ee0ea08b24d38f21944.exe"
  PID: 2352
- C:\Users\Admin\AppData\Local\Temp\24da857627324ee0ea08b24d38f21944.exe
  Command line: C:\Users\Admin\AppData\Local\Temp\24da857627324ee0ea08b24d38f21944.exe -A
  Signatures: Drops file in System32 directory; Modifies data under HKEY_USERS
  PID: 1132