054a071179e9bbf45871225ba15f85ce08c0d8390124595a28cc1f1f140172d8

Analysis

max time kernel
117s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d6ac536b6b61cc49a705f6790c8b94e.exe
Size

1.1MB
MD5

3d6ac536b6b61cc49a705f6790c8b94e
SHA1

77e02ca75c6995e536648664baaa0266e6a3c70b
SHA256

054a071179e9bbf45871225ba15f85ce08c0d8390124595a28cc1f1f140172d8
SHA512

76f5a91e1ce95ff8a22ba25ae8c9f238e0c1111b7b01fa5e965b5a8fda09210a2f83d0104d96be7266d57337052c610994653a02c12147982092b61a72db3d86
SSDEEP

24576:yWvknOMEfEURfh7CALcCWqUmQW+uixIg9fBSTrtPT:yUeOMmnthpW9VBuiCsfBSXh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2716	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2968	3d6ac536b6b61cc49a705f6790c8b94e.exe
2716	Setup.exe
2716	Setup.exe
2716	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28
PID 2968 wrote to memory of 2716	2968	3d6ac536b6b61cc49a705f6790c8b94e.exe	28

C:\Users\Admin\AppData\Local\Temp\3d6ac536b6b61cc49a705f6790c8b94e.exe
"C:\Users\Admin\AppData\Local\Temp\3d6ac536b6b61cc49a705f6790c8b94e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
51KB

MD5
16b8446c6a1c59dab5383b0b62c4fa00

SHA1
77d051f3b77008525e3234df5e7cf3889f0d5a51

SHA256
eedcb814922a88e425a4d47e79657b9789fe4512a0b449f896afc9d823c6627a

SHA512
7d1de0d0fb3cdc412f2e5901a8b7e325b3eed8fe44f3a17262e37880cd747d00d43a8b20a22bf8ac599b9f2480922b4650fc3d83893a087b917aad2fc0f99870

Download Submit
C:\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
53KB

MD5
4fc621529e8eb083a201c191bd0c4f44

SHA1
209694967308cc75edb5b08e52f316bb7c499967

SHA256
16ba06b507642d3b7a8dd62f85a04d33a61d898954f56defdb66af4a2d0ba71a

SHA512
9e8f2c116bdbad070b9e3632b73adbe16ba366f9e0aa6b2ce7d811fedd961b4f07cdf43e96eaa6a7ead10309902b97415bd543a095a6933ba3d78fe4868bab9e

Download Submit
\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
5KB

MD5
9a160824a2d2b14d51f144fb0e26c609

SHA1
c85d419b46603e1d4af48569a2112de280239745

SHA256
4ccb3992efc8bce4aa8d510ca6033c0f25d8ed062f2f051d3db4cd75569a2f6d

SHA512
b0eef75c7e52fc8106660f7a3c4d661997158fdbed732a659b7857f42af9a68d0be52669b7e83c9b035286eb6e79ba4f45d9516bf11ecda0161f55e561900516

Download Submit
\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
29KB

MD5
f230233a188257f5521f1fb245835ffc

SHA1
673168f8cd76d035c94e721f226579b76fec24c6

SHA256
edb45680dab0c0a5c0ec4f3c85caf88283f051add75878a049392f137a0c5be0

SHA512
fb1487bf3d88c4c666845321ab009e3b46350e4109c8b2f877f004a95f3ea8c4ecc005a2965beea0fd05555ab495f2660d342a1ff3ed2be70ddc960969c7014b

Download Submit
\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
42KB

MD5
f60363123c3b480f4eede3836cf30f40

SHA1
da9b8a554c123eef2fd7bcaca5946a4f6edcf43f

SHA256
53f362518f5e01e89b3718ed665b0cd60225cea4840fec4d8fb0272805ff430f

SHA512
235e62a58e7c9bf1ba56f3b0227d6a7a68246c9fc082ea1d866769086845602b2815b50278bab9908fac92d2c5fbedc1960c539ac83e4d3f0d028f026c31b98d

Download Submit
\Users\Admin\AppData\Local\Temp\a23ZYVEIfl\JgxtUNvt\Setup.exe

Filesize
106KB

MD5
aabf7aa73b1059ba411b53c1e8dc9f94

SHA1
5f35782baff6b204a1348e90127e9c25572fa884

SHA256
fe7f1157861e8e55ed76799e8a8bd070aabfcc017b79629ff7daf792ea7f7704

SHA512
4ff49520495baf8085f096ccd6919126ab51f3342b99338e5713d0833ae8f29acb28515f2ea3a15e07001691c97f42bfce6284043b790c3654257189f11d1fc3

Download Submit
memory/2716-843-0x0000000001FF0000-0x00000000020EE000-memory.dmp

Filesize
1016KB

Download
memory/2716-623-0x0000000001FF0000-0x00000000020EE000-memory.dmp

Filesize
1016KB

Download
memory/2968-58-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-64-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-65-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-9-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-11-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-14-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-17-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-18-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-19-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-20-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-21-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-22-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-24-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-26-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-27-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-28-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-30-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-34-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-38-0x00000000758D0000-0x00000000759E0000-memory.dmp

Filesize
1.1MB

Download
memory/2968-39-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-42-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-45-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-46-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-47-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-48-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-50-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-53-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-55-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-7-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-57-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-59-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-61-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-10-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2968-8-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-51-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-63-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-62-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-60-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-56-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-54-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-52-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-66-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-49-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-44-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-43-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-41-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-40-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-37-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-36-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-35-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-33-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-31-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-32-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-29-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-25-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-23-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-2-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-1-0x0000000000400000-0x000000000051EB14-memory.dmp

Filesize
1.1MB

Download
memory/2968-0-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-16-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-15-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-13-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-12-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-207-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-853-0x0000000001E80000-0x0000000001F7E000-memory.dmp

Filesize
1016KB

Download
memory/2968-852-0x00000000758D0000-0x00000000759E0000-memory.dmp

Filesize
1.1MB

Download