066687f51b9bf88217f7abef257679622a0caaf9be12878241a219435d22a21d

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43b0c5988a73db725d1f4f975c1de11c.exe
Size

1.1MB
MD5

43b0c5988a73db725d1f4f975c1de11c
SHA1

cd519f1f92fbe0cc6f6cc0b170a910455862838d
SHA256

066687f51b9bf88217f7abef257679622a0caaf9be12878241a219435d22a21d
SHA512

c7424fb8dbe9885bb57e53bf4a1882d5f8ff7927d69c7662af26c156c25affe9b415b5f337532f4ff38004a857c10487257e59b2fefce4840816718c3f15eeaa
SSDEEP

24576:VWvknOMEfqmINsg9x+nAzw+eoJb/t/2Pzk/kVnaozLzcpNN+n:VUeOMmMswkAzHlmjaonQ9+n

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2900	Setup.exe

Loads dropped DLL 4 IoCs

pid	Process
2860	43b0c5988a73db725d1f4f975c1de11c.exe
2900	Setup.exe
2900	Setup.exe
2900	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29
PID 2860 wrote to memory of 2900	2860	43b0c5988a73db725d1f4f975c1de11c.exe	29

C:\Users\Admin\AppData\Local\Temp\43b0c5988a73db725d1f4f975c1de11c.exe
"C:\Users\Admin\AppData\Local\Temp\43b0c5988a73db725d1f4f975c1de11c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
86KB

MD5
7f7993d6f3ab95046181307a87987eac

SHA1
f1f819aa20e8c15c5751dbb213469ab61b35a1c5

SHA256
e2546de1edcd5f73c68b7cd77972ac3769914f1784e763840c1a8c2d20b5e48d

SHA512
851a9305589c3517af711225e5f6ac327a5123f733f34ad3fa4acce44e0496f7059829d26a80653afd67f191595dc5e77c7fd2e8076d4133840fa820d60f055a

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
26KB

MD5
de36cd0a97662067a31801ec158f30a5

SHA1
df8064d6d5f6e2b14ad8aa5af864361b34a48a69

SHA256
1111a6e848c93a8cfe3d387b823fe0459ee4945b576abe66e22782c33ee1ba7d

SHA512
6f3b6483bfcd1e972cd9fb010d1c7f7034dacfc36b043aa2fbd1ed3a18b6237b8ecfc950908074f05fc471532588bab5c459997e2a21ff88deda738b25fc8ee6

Download Submit
\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
45KB

MD5
fdfa6870098a42c4b88d7012433c4415

SHA1
30ada47ab7deb3819f280da3e5d3cb817fbb9d88

SHA256
5b295ae5022dc114beae608e45e09b24df02518c2d5ac09c26c8c49ac1eccc90

SHA512
55284e20ccd18322bdd2947347c44765a102e4fa069a6ffeee15d46e3f227ac6dab27ff3ef0c3b8c05ef322f2589e4447641c9cddfca144e3d5a2979f4de1436

Download Submit
\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
24KB

MD5
94e34ddbce6736898a0925d474fa3160

SHA1
079c1a71750110167211289863002cba05850998

SHA256
9a851599bdcdf507ed822033d2361589388e5deddfecf7b121c6d19388cd8bb7

SHA512
baa2002f68e4e37317900278508f9c7653893951025060aa6521c4470150b7f3df7fc5863d2cf48512dfc4fd80dbf1159afad664eefd9d743b386fbd228cdff9

Download Submit
\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
14KB

MD5
84daf4916eee9badbed5b20fc4848688

SHA1
12692a64ab26636cd2d8b8701885f620bce55089

SHA256
a7da42d7ae0ab617543527ec7ea074e934c7ead6670dbd45191d662254fecd0d

SHA512
1f3981b03603e94dd864c7b6745250e7bbcce9cd98ba55800ac7b5a6c5a236bb8d230a757ed8b0834ac6dba2f78542aeb1a1be84db8bbbcd5790dfb88391cee5

Download Submit
\Users\Admin\AppData\Local\Temp\a2gdxV1BSS\UwC4dSyu\Setup.exe

Filesize
15KB

MD5
7d39a6c49a06a77ba8def70861aa8aaf

SHA1
e9845af28d0b2ee427aabd67a321673a85eba2a1

SHA256
789eb5d8cb2e3a050e39520937630d58378f4a38055d9ffcd01769480dc59070

SHA512
0dbb5e646320427262a8bb5e446ea8036ecccc81decbfd696d78c3f07b571392ef40c0719dc4635dab931252560701175942764fccd4505c69e21815bfd27670

Download Submit
memory/2860-45-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-58-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-13-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-14-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2860-50-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-11-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-10-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-18-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-20-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-19-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-21-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-22-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-26-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-29-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-35-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-34-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-33-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-32-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-31-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-30-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-28-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-27-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-37-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-38-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-36-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-25-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-24-0x00000000760D0000-0x00000000761E0000-memory.dmp

Filesize
1.1MB

Download
memory/2860-42-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-44-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-43-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-1-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/2860-41-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-12-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-0-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-16-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-52-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-56-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-55-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-60-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-59-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-63-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-66-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-65-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-64-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-62-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-61-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-54-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-53-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-51-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-49-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-48-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-47-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-46-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-40-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-39-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-23-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-17-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-57-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-2-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-15-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-9-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-8-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-7-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-203-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2860-852-0x00000000760D0000-0x00000000761E0000-memory.dmp

Filesize
1.1MB

Download
memory/2860-853-0x0000000000220000-0x000000000031E000-memory.dmp

Filesize
1016KB

Download
memory/2900-843-0x0000000001F10000-0x000000000200E000-memory.dmp

Filesize
1016KB

Download
memory/2900-623-0x0000000001F10000-0x000000000200E000-memory.dmp

Filesize
1016KB

Download