22f8476a171863bf2c917a55c48d04ac6d84a3cb4d55fdc86da7b4c3d835f46f

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a48c68a16bc9f6318e23200a7e01a2c.exe
Size

550KB
MD5

2a48c68a16bc9f6318e23200a7e01a2c
SHA1

605780e33f0712ba3bffdc20601973958432883f
SHA256

22f8476a171863bf2c917a55c48d04ac6d84a3cb4d55fdc86da7b4c3d835f46f
SHA512

b6b7aa00a562b72de1c477764b5bcef1ef434b8bcd6a54bd772fc1529265434d79a6f22cb0f111d0c81c9597f770521c244bdcba005a46cc131c202e5e0c8d9f
SSDEEP

6144:GsWPjZjMU4p+P2DSZ21TbYFfzEp8gw28WV2Gd4+Sn6U8QHYrT1YYT:GNtjMU3Wa65bwWjAiQHAT1H

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1352	2a48c68a16bc9f6318e23200a7e01a2c.exe
1352	2a48c68a16bc9f6318e23200a7e01a2c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	2a48c68a16bc9f6318e23200a7e01a2c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1352	2a48c68a16bc9f6318e23200a7e01a2c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1352	2a48c68a16bc9f6318e23200a7e01a2c.exe
1352	2a48c68a16bc9f6318e23200a7e01a2c.exe

C:\Users\Admin\AppData\Local\Temp\2a48c68a16bc9f6318e23200a7e01a2c.exe
"C:\Users\Admin\AppData\Local\Temp\2a48c68a16bc9f6318e23200a7e01a2c.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jki3D00.tmp

Filesize
410KB

MD5
576d692e601a9baca0b0843c680f7b89

SHA1
700647ebb7a5fb7dbf1b754805b49ca03f0e58c4

SHA256
293d82fdbecf48894fe89fb0b64b967c30914707f5a68ee97fedcaad939a3b0f

SHA512
318736a11e30ef7ca4d1b511267e6ac713366beba8c107d9a0c3c24b4c089c9cb99fe4d7cf21323ad0085d995a2c6260de76b2a30850f5cd859d4727e8f1ce46

Download Submit
\Users\Admin\AppData\Local\Temp\jki3D00.tmp

Filesize
293KB

MD5
420e4c440afb0cb2feadd15354bc3d54

SHA1
d8083a3ef9442e269312b636acb4f89efaf35f18

SHA256
fe5c39b5c22491db5d9d45f8beb5bea5c8a10964fbb7cd365c81e18bb3f318ae

SHA512
b2f48078531ae34c253795e32bf23ffb75411fd1d121cf191dab43ad30676c7a562fca83b9caf12eb8d8eb2cf4a1812b9f02663c58b792207e9ca654a24c96dc

Download Submit
memory/1352-8-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1352-5-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/1352-6-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1352-7-0x0000000000370000-0x000000000037C000-memory.dmp

Filesize
48KB

Download
memory/1352-4-0x0000000000410000-0x0000000000480000-memory.dmp

Filesize
448KB

Download
memory/1352-9-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1352-15-0x000000000A280000-0x000000000AA26000-memory.dmp

Filesize
7.6MB

Download
memory/1352-20-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/1352-21-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download
memory/1352-24-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/1352-25-0x0000000000530000-0x0000000000570000-memory.dmp

Filesize
256KB

Download