6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3

Analysis

max time kernel
161s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 12:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe
Size

3.0MB
MD5

c442dd3808dfbd6fa768319f3d0b8deb
SHA1

c8fed7b8adc07ffee4aa90b049be0e99cada3b5f
SHA256

6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3
SHA512

7711c0d441b69e9e2dd90579cc53a7ca3b7f21f6b3fcfc00a4fac1bc6f9696e0ac1628799a4ff89f79e9eeb0473e7f727bd35d7a7865b2bbf5b316bd0b81c481
SSDEEP

384:8oaL6S896g0SoVBAtRPWPyWCn5/hW5Zlp9kH0goFSBRXXsC0XxIOEtTaiBmcR:8tLcF0VVBSMdZpaIFSnXXsC0Xm4gme

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4912	4256	WerFault.exe	88

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe = "11000"	6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4256	6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe
4256	6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe

C:\Users\Admin\AppData\Local\Temp\6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe
"C:\Users\Admin\AppData\Local\Temp\6dcfd0a4c5e1f4bd137187d39590f8c5f2f29cecdb2dcdce605b803145643cd3.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 1540
  2⤵
  - Program crash
  PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4256 -ip 4256
1⤵
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4256-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download