13710119f066b30e07392c1f2c38e0883b7f93a05e4692387df97fc215ab00ec

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36dd91eaf5035248224a3aadf77b7b5e.exe
Size

1.1MB
MD5

36dd91eaf5035248224a3aadf77b7b5e
SHA1

d12fa01b8e4546c933915d9d20a19e9dff71df24
SHA256

13710119f066b30e07392c1f2c38e0883b7f93a05e4692387df97fc215ab00ec
SHA512

2c2dba00c3cbf6f826ecc8aab3b78d3ef1f55b13b78eaa7ecf29086f4551eb803afaeaeaa5895847f2f8bbe86a9bed75a74ad4f3d60b8ab14165c71dce3b21eb
SSDEEP

24576:qWvknOMEfAqeeoUZIfqfRWWR06wDUqzuhiBxyYW1uAhcu:qUeOMm3oUZ7Wa06wDdueQYgL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4236	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 4236	4784	36dd91eaf5035248224a3aadf77b7b5e.exe	32
PID 4784 wrote to memory of 4236	4784	36dd91eaf5035248224a3aadf77b7b5e.exe	32
PID 4784 wrote to memory of 4236	4784	36dd91eaf5035248224a3aadf77b7b5e.exe	32

C:\Users\Admin\AppData\Local\Temp\36dd91eaf5035248224a3aadf77b7b5e.exe
"C:\Users\Admin\AppData\Local\Temp\36dd91eaf5035248224a3aadf77b7b5e.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Users\Admin\AppData\Local\Temp\a2lhu0b9WW\yhdCAjKg\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2lhu0b9WW\yhdCAjKg\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2lhu0b9WW\yhdCAjKg\Setup.exe

Filesize
136KB

MD5
c9e6acca879b908201971550695ce04d

SHA1
1933d4532c70aefb165b30cecfeba50098b44908

SHA256
558df017c0232d0eac7956eea0da89891d96fb0169880cab2e5c2747172338a5

SHA512
65aa1f7585c04eb1e5496f8226ed93fda5c93c087d43509d7b69de4b8a8e297fd864d0c0eb72665a8a3b8821f076df43f542400b032e6593ff6a2c59a3d4b215

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2lhu0b9WW\yhdCAjKg\Setup.exe

Filesize
129KB

MD5
e60d723e96a5e890c8486a3934f272b4

SHA1
cc99a11e4adf63a557ce610f843db1a2fdea8201

SHA256
251129fb78f8eea271f323691ed5a93cc012f5af921084cc583f62a5295fdb5e

SHA512
ff9cb00b4e552ed61b516702208791b7cc8f5fec1035297fb7396e40562fa1d6576c5788bd3c265548905c4ff24e1932ffb1c63d66a96f76a8e5b8fb5a51ebf2

Download Submit
memory/4236-427-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/4236-621-0x0000000002030000-0x000000000212E000-memory.dmp

Filesize
1016KB

Download
memory/4236-837-0x0000000002030000-0x000000000212E000-memory.dmp

Filesize
1016KB

Download
memory/4784-45-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-9-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/4784-14-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-21-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-30-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-32-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-37-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-39-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-40-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-46-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-42-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-54-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-56-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-55-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-53-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-52-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-61-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-65-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-64-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-63-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-62-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-60-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-59-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-58-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-57-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-51-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-50-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-49-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-47-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-1-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-3-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/4784-7-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-48-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-41-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-38-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-36-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-35-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-34-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-33-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-31-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-29-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-28-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-27-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-204-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-26-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-25-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-24-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-23-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-22-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-20-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-19-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-18-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-17-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-16-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-15-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-13-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-12-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-11-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-10-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-43-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-8-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-44-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-0-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download
memory/4784-846-0x00000000022A0000-0x000000000239E000-memory.dmp

Filesize
1016KB

Download