a7402df2285bc1699c2afb618822339698325c0cc0640571e8e0c19d1b3ec70a

Analysis

max time kernel
144s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 11:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

439387eb5eb1237467e146d4fe9f1dfd.exe
Size

14.0MB
MD5

439387eb5eb1237467e146d4fe9f1dfd
SHA1

e67608331833ef3f4bcd84d05c5f2ba219acbaa1
SHA256

a7402df2285bc1699c2afb618822339698325c0cc0640571e8e0c19d1b3ec70a
SHA512

6adfaebb2677ba4a19fa985468c8c08651a7a3f8bcae909946df7bc5e9636a47ab1657b9fd8b70cdb1e679343a38344c583deacc6448a634d72b1b6c472e48a7
SSDEEP

393216:fLTSuTNEbdvhkyjhwqTwPhekZ7lbcNk0Lxh:j2yNEpvDNAeg9cG6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4964	iesetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ie7_main.log	iesetup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 4964	1276	439387eb5eb1237467e146d4fe9f1dfd.exe	94
PID 1276 wrote to memory of 4964	1276	439387eb5eb1237467e146d4fe9f1dfd.exe	94
PID 1276 wrote to memory of 4964	1276	439387eb5eb1237467e146d4fe9f1dfd.exe	94

C:\Users\Admin\AppData\Local\Temp\439387eb5eb1237467e146d4fe9f1dfd.exe
"C:\Users\Admin\AppData\Local\Temp\439387eb5eb1237467e146d4fe9f1dfd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- \??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\iesetup.exe
  c:\56789ebcdd96d8dc9e07e0d6764f08\update\iesetup.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\56789ebcdd96d8dc9e07e0d6764f08\update\iesetup.exe

Filesize
1.0MB

MD5
2cd144dcfad53d2014d830d2f23f59d7

SHA1
c105bc46b8d882e261197423b7f867e6b68668df

SHA256
fc608b0f19a2d507282580771f949d31fb4b73eb623a5986a408a8a9d5384709

SHA512
f4c79b27b4b5c85a16d8a4ffa357bb8a59d39e7a2a8cc39a9d3baef1a0ea13747f6bd9ece3516f19d397b5f953c36da2719166aa6c7b5374161de5acd8e0c2c6

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\ie7.cat

Filesize
43KB

MD5
00af01b582963d0c4d0c9b554ae0c0bb

SHA1
7a087c1ef0e3e2bdc9711a64be49d3c8f3fa245b

SHA256
7c331d26409dda1976d5db084ec3e09cbd9cc40c82dd33f33d4764c9f9ff3bf0

SHA512
f167656a79389ac4fd08df28eab7a65dca4fcf1946b54b79c59196385291c3d6852772e6b5a1faa1c62ff00801a215eb3b7bad5b746db9fb3bbe7be46ec1c107

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\iecustom.dll

Filesize
32KB

MD5
2bd56f3e701f074657f8c4b432943978

SHA1
156d478b2429578ca0f452d920155f0ac1456b55

SHA256
1e1a0d6d383e1db69ec62f1c8877139142ab86e602bf8980be202bee88aefc9a

SHA512
0c914d7ccfc8166ceb33ad55fe65770be4fe4cb6b2b9043f22888641c9ecbe4e3dc8b975779ffa0e980b1fe66a509fdf83c82d8fe0953a3f31597f2fbfa43824

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\legitlibm.dll

Filesize
620KB

MD5
2ae9a778bc11027805f5ae0ac7c1e387

SHA1
570ee57195bfd68b217f3ffd63472c88a54b638c

SHA256
758c19ef12ac5bd420e03d3347fb2d4ddf00e15311e8cf55f9834d13eb3bbc35

SHA512
5ca4fa4650bd06123200a0612d6a44adde132ec81c92f3fbd2ed9ba2fdb381a929e3974e4c67a2a4f7533a7b81ffccbbbb1fdb78a0d0c8ee6dadc557af5b8c80

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\update.exe

Filesize
673KB

MD5
c44c9d1907276854777480c3a969e296

SHA1
c22ff3b85f35f65e8ab91fb5e175f0e19e79b466

SHA256
041b7515fcb704d6669abd650f73a965e670df9814d7446358dcf4dd1745070d

SHA512
c09aa1d202af267b6fb9d2c2b658cda73f502f8ff788cc8fe18c8c6178932ea55884f8b3efb7b185c2618e6aeb3dfd51a79f33d5a5986d32376dec89b03302be

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\update.inf

Filesize
1.5MB

MD5
844939d5ca168d9a07ad3ef8b3be9a50

SHA1
9de185eb34c284ed7143a67e03ed02d47830498c

SHA256
391d6020433206d62dd4a08d1dfc3bd213f8b283690eb043ef96b1465469a2ab

SHA512
9b6af0f04d10346343ed8cc0e0b2c93f99973edcf3c2ad9c9dfb7db07fd7151da2cbe79b624d81d08d5d2ca276dd5d36e8b900b81c5e5c77a323cee7bc7b032d

Download Submit
\??\c:\56789ebcdd96d8dc9e07e0d6764f08\update\xmllitesetup.exe

Filesize
522KB

MD5
55987d1e1930dc394fba4c017900001d

SHA1
142d22de64c4b0a72bf16de595eb35556bca3010

SHA256
a4f1db2179a4ae1603fe064d1f00bf7a7691cf42b7ebb5070612eebab019e380

SHA512
97f59517f640afaafd658f170d4863c96af5b9c39ab6b5cdcf747103bb2b245e33d889ab035a1c83cb3caf4e76c864f9f1f56450af1c39b5efce9c9361c992f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads