cf22ad9abd42b9db5d1baa9657ecc5c2ad8f5851afe56cf03439cab1820c0ee0

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

392d2252c15f09dea97f9dbaa721e6a9.exe
Size

215KB
MD5

392d2252c15f09dea97f9dbaa721e6a9
SHA1

53ebe12dc0ce4769bc46d23289b4755277c1820f
SHA256

cf22ad9abd42b9db5d1baa9657ecc5c2ad8f5851afe56cf03439cab1820c0ee0
SHA512

fc1c39dfe8cbbcf1ad5ab65c1e3ea88d30b5252d13df308e384071ad605858310c1fc1059594c73d545a1982c9504b00c1075245418e3f243991447b42cb3b33
SSDEEP

6144:YUZCqqbuAdqqR6fhYCKRbT+qY/27lGAwyIeWxcO5YO:1ZCqqbuNqR6fhYbT3gGnwBeW6aYO

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job	392d2252c15f09dea97f9dbaa721e6a9.exe
File opened for modification	C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job	392d2252c15f09dea97f9dbaa721e6a9.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	392d2252c15f09dea97f9dbaa721e6a9.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\International	392d2252c15f09dea97f9dbaa721e6a9.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2772	392d2252c15f09dea97f9dbaa721e6a9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2772	392d2252c15f09dea97f9dbaa721e6a9.exe
2772	392d2252c15f09dea97f9dbaa721e6a9.exe

C:\Users\Admin\AppData\Local\Temp\392d2252c15f09dea97f9dbaa721e6a9.exe
"C:\Users\Admin\AppData\Local\Temp\392d2252c15f09dea97f9dbaa721e6a9.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-1-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2772-0-0x0000000000440000-0x0000000000459000-memory.dmp

Filesize
100KB

Download
memory/2772-17856-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2772-38173-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2772-38174-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2772-38175-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download