13710119f066b30e07392c1f2c38e0883b7f93a05e4692387df97fc215ab00ec

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36dd91eaf5035248224a3aadf77b7b5e.exe
Size

1.1MB
MD5

36dd91eaf5035248224a3aadf77b7b5e
SHA1

d12fa01b8e4546c933915d9d20a19e9dff71df24
SHA256

13710119f066b30e07392c1f2c38e0883b7f93a05e4692387df97fc215ab00ec
SHA512

2c2dba00c3cbf6f826ecc8aab3b78d3ef1f55b13b78eaa7ecf29086f4551eb803afaeaeaa5895847f2f8bbe86a9bed75a74ad4f3d60b8ab14165c71dce3b21eb
SSDEEP

24576:qWvknOMEfAqeeoUZIfqfRWWR06wDUqzuhiBxyYW1uAhcu:qUeOMm3oUZ7Wa06wDdueQYgL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2572	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
1944	36dd91eaf5035248224a3aadf77b7b5e.exe
2572	Setup.exe
2572	Setup.exe
2572	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28
PID 1944 wrote to memory of 2572	1944	36dd91eaf5035248224a3aadf77b7b5e.exe	28

C:\Users\Admin\AppData\Local\Temp\36dd91eaf5035248224a3aadf77b7b5e.exe
"C:\Users\Admin\AppData\Local\Temp\36dd91eaf5035248224a3aadf77b7b5e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
83KB

MD5
209005c86fbc2b45dcfdfb1b65086d80

SHA1
a3dba57b215044523f25d1ec46217081a1460035

SHA256
6f419187e8b1a576229c3a4435d81bb5caaf2ccc280506e708c1eb9289b1d4e7

SHA512
d64dd2945c9022fb21431cb73766cd9e16e895b3ebfdebde870c262aa6667da734a192e5069efc6bff7cdc6650501ff34410772cfe2da45ebce768c30df44dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
67KB

MD5
9755844bcd510467677b5d8423acbd68

SHA1
0d43e02ee8a55d052a44311a9360f696626b5b52

SHA256
941053f3ed45875e4d83b2449ad2db2a6b0144e10e6a1adbaf7ff24e4d07a89f

SHA512
7a50e456428008ca62dd5feac6da5557cc00622acfc57481a0cc5feef01aa8a8003933f11f6935a7131ab55a5823678ea912771cdef39400e36ab46a70fba470

Download Submit
\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
66KB

MD5
3881575cd37925319c708eb1401b4051

SHA1
c895079d10913242a5ebaadff0192d0723183bb6

SHA256
8e4451d19b22e33967e24d901bf3fb9e48f38a0e8c968f948610731f71f6e3ed

SHA512
e6487090b74311eb5c3a233fa2698a11a29833d60266820e0edfe243434aec98930c2d9a11cfe587fc4e5759364fed1205b1c33e1e4ce8657be035a51b27a781

Download Submit
\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
47KB

MD5
d6387e597c194c9d13fee5c8c76a30b2

SHA1
3e717a28589bb2018ececf3fd065a46dfa7f1ae2

SHA256
863f8e3588727e583eb329b5fd1cbb4e453c7a5e27994964012e0b5e04e561a2

SHA512
fd0c7a6c67408cc05e0a0f2717bb75049ed555f9190c4ab960dbf886ad672b1ddb6d70f9380a0bcbd21241d5ec0517c23ed4c0cc9ec54e7fe1337128b01cfd59

Download Submit
\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
35KB

MD5
7c4dd9d3b88adeb9d785b21e8f274335

SHA1
95ff88eb48a3864619e9a4b427f7fbe4ae039b76

SHA256
a2ce6ffdcabf237a8a9bfada4c3b8340f40cceaeeb36da81869b2b65e0e30993

SHA512
f9378074faac12a9babe93ff20c1bde951f9a9c42e015c7a626b6974ea8d3dfc87348d5b213c567840534636d9cfed4d3e92bd8d861d4ba4b5a101b34ca5ac57

Download Submit
\Users\Admin\AppData\Local\Temp\a2j4gRVRjt\B4RPtg1K\Setup.exe

Filesize
92KB

MD5
5c4517c4e4e5aec3438ef2397d0b604a

SHA1
133a312a2b08bd3393c9f204c826647c32878a06

SHA256
66dad49ed2a9e1ebab26d941f45aaa2d74bc7b89ccce435ddd3898f16a182dca

SHA512
f8e4146c8628720a97fad969a682ecd77c7461c40885d719356b8b3603788d121e637605c880e22edefed355d06f9a34878314b106575a58d7a5b7fd21820724

Download Submit
memory/1944-47-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-9-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-10-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-11-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-12-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1944-49-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-2-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-14-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-15-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-55-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-18-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-19-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-20-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-23-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-21-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-22-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-26-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-27-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-28-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-30-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-31-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-33-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-35-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-39-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-41-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-42-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-44-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-43-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-40-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-45-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-8-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-48-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-52-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-53-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-835-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-7-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-17-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-50-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-59-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-63-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-64-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-65-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-66-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-62-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-61-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-60-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-58-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-57-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-56-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-54-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-46-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-38-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-37-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-36-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-34-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-32-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-29-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-25-0x0000000076EB0000-0x0000000076FC0000-memory.dmp

Filesize
1.1MB

Download
memory/1944-0-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-24-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-16-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-13-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/1944-203-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-854-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-51-0x0000000001DB0000-0x0000000001EAE000-memory.dmp

Filesize
1016KB

Download
memory/1944-853-0x0000000076EB0000-0x0000000076FC0000-memory.dmp

Filesize
1.1MB

Download
memory/2572-844-0x0000000001FF0000-0x00000000020EE000-memory.dmp

Filesize
1016KB

Download
memory/2572-623-0x0000000001FF0000-0x00000000020EE000-memory.dmp

Filesize
1016KB

Download