16fa2176e16026131bf1a5e88e52b440695471731309e0cd5f4fa91a574c0a15

Analysis

max time kernel
52s
max time network
40s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

241fbda025a3ea88fbd4da598a336db7.exe
Size

1.1MB
MD5

241fbda025a3ea88fbd4da598a336db7
SHA1

0ca3fa4316bfa2e733ea59a642615b1d04d2ac02
SHA256

16fa2176e16026131bf1a5e88e52b440695471731309e0cd5f4fa91a574c0a15
SHA512

9a880f8f830103379ca808e4a065ff4b2f7b78c4af011ab97bbf3be5010b6e977962d234eea6078e49e99e5a5750e32e1e6deedd5871afc2c2686337059f4d99
SSDEEP

24576:4WvknOMEfy2YzKCmjTEVfvtBVBFz1PIETrH6jROQ4iQi:4UeOMm2CXEVfjDh1jEO7di

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2372	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
1320	241fbda025a3ea88fbd4da598a336db7.exe
2372	Setup.exe
2372	Setup.exe
2372	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29
PID 1320 wrote to memory of 2372	1320	241fbda025a3ea88fbd4da598a336db7.exe	29

C:\Users\Admin\AppData\Local\Temp\241fbda025a3ea88fbd4da598a336db7.exe
"C:\Users\Admin\AppData\Local\Temp\241fbda025a3ea88fbd4da598a336db7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe

Filesize
12KB

MD5
de06684a702f2b92b73ecc70a5c113fa

SHA1
e86be1bff23b805a5c1fd0a29467cfbe9350660f

SHA256
c2c2a8302bb232ed92a965e138f8ee718c02b593c4e6c3224ab88c5e3df55de6

SHA512
0b9294fe8345713a5b9e926d613a02d36ad6bc1eb5eb232128be7f5df80cc095bfb8d3166677a5f57dad691c4188d43f3f733a180302fb236f1a3c741ba04f92

Download Submit
\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe

Filesize
5KB

MD5
ddcb9a23df47c88af1e13f40786b5cc3

SHA1
8179234e399a64ad95d694180091ceebe8ab5767

SHA256
ebc67d2dabdc4a86089c51280baa7ef562920d90e96c8b5145b5b64b8afcba4a

SHA512
e26af6f89dae9e1816fd1ad0ea26b501348a08f7023dab0dc70b5ba6ebcc9d9ed8ed5b667a2a2d11a16f829ca2ec6fca39311be7a35d131fafc9169c50903613

Download Submit
\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe

Filesize
35KB

MD5
60016fadb18bf35cca1e7ccef5ef69a1

SHA1
0a4d34e2a947c29b1fcc56ab17afb40ffb8c15ae

SHA256
c4f18e04f052a5d385d44f39d64abc70eb7784d8b7c93bbe237d499d29b351b0

SHA512
f73052e39723695310e8eccd2d92f68a8a8ccc6db7c4919f9c8ee9b6b868bfd0e262ec847ac61f6130b25cfb640727a6c2d16f435d54ee1730a8dbe5cd31ca7d

Download Submit
\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe

Filesize
40KB

MD5
528c9d95892bea75be5bde4b62a49100

SHA1
8cf194e812eaa89115a817c422d93723b1ca40dd

SHA256
cd5067ddedb1935bfe1b3bb28637b54ff6d5f36588d5a9824dec932f195d427f

SHA512
28307fb5c87acabe3176bc787c9d51758ffc533933fa485d7abe74b796daf45e1a0f36902b299b96d3fd3448d55607fb6efe8705e17298e1e6969044851b39db

Download Submit
\Users\Admin\AppData\Local\Temp\a2SrXxNzPh\LrHrO1qN\Setup.exe

Filesize
1KB

MD5
ac5d25a4242d98504041255bc3b9a78c

SHA1
0277b487153661a6cede4c5f4ddce22717d5938f

SHA256
10adb9118328e3233189ed28bf632d7e511f68f43913f1396277a8f6d7f6fd4e

SHA512
e9a106661b56ac23ef7e883854bd86be70215c2810d7d15d3c8ceb5ee286ae571c0a42dc5952f6d21a5d17b3779c9ababeeacbc1b942d44b662ce9a2eb122770

Download Submit
memory/1320-52-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-62-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-11-0x0000000000400000-0x000000000051E914-memory.dmp

Filesize
1.1MB

Download
memory/1320-9-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-64-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-17-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-22-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-23-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-29-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-31-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-30-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-28-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-27-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-26-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-25-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-24-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-34-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-36-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-35-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-40-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-44-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-48-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-54-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-56-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-55-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-53-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-57-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-58-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-60-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-59-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-2-0x0000000000400000-0x000000000051E914-memory.dmp

Filesize
1.1MB

Download
memory/1320-61-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-13-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-8-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-15-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-65-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-51-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-50-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-49-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-47-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-46-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-45-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-43-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-42-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-41-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-39-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-37-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-38-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-33-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-145-0x0000000077170000-0x0000000077280000-memory.dmp

Filesize
1.1MB

Download
memory/1320-32-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-21-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-20-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-19-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-203-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-18-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-16-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-63-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-0-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-14-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-12-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-10-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-7-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-1-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/1320-852-0x0000000077170000-0x0000000077280000-memory.dmp

Filesize
1.1MB

Download
memory/1320-853-0x0000000001DD0000-0x0000000001ECD000-memory.dmp

Filesize
1012KB

Download
memory/2372-843-0x0000000001E30000-0x0000000001F2D000-memory.dmp

Filesize
1012KB

Download
memory/2372-625-0x0000000001E30000-0x0000000001F2D000-memory.dmp

Filesize
1012KB

Download