af908a52a53d4ac6d212815924e404cdb13f6e9ebc41e3a381448b4e17c956f3

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 21:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4739c398812ae61ec2a5fe123951418f.exe
Size

10.4MB
MD5

4739c398812ae61ec2a5fe123951418f
SHA1

4f1a8876d276db56558d032d2f00a94d8f05e634
SHA256

af908a52a53d4ac6d212815924e404cdb13f6e9ebc41e3a381448b4e17c956f3
SHA512

b919716914c8f4f765ef32a3f6135629cb4be57b75d7f65861d875d952d3fc259b7aabc360b9b42f526959cdbdc3311a5f444b961d03cde1527a4acde621c293
SSDEEP

98304:EcKGDvCcKGD7GDvCcKG/GDvCcjvCciG/GDvCcjvCc9GD7+vCcKGD7GDvCcKG/GDr:EzQkVwVXQkVc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1288	oeatp.exe

Loads dropped DLL 2 IoCs

pid	Process
2336	4739c398812ae61ec2a5fe123951418f.exe
2336	4739c398812ae61ec2a5fe123951418f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	oeatp.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1288	oeatp.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1288	oeatp.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1288	oeatp.exe
1288	oeatp.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1288	2336	4739c398812ae61ec2a5fe123951418f.exe	28
PID 2336 wrote to memory of 1288	2336	4739c398812ae61ec2a5fe123951418f.exe	28
PID 2336 wrote to memory of 1288	2336	4739c398812ae61ec2a5fe123951418f.exe	28
PID 2336 wrote to memory of 1288	2336	4739c398812ae61ec2a5fe123951418f.exe	28

C:\Users\Admin\AppData\Local\Temp\4739c398812ae61ec2a5fe123951418f.exe
"C:\Users\Admin\AppData\Local\Temp\4739c398812ae61ec2a5fe123951418f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Users\Admin\AppData\Local\Temp\oeatp.exe
  C:\Users\Admin\AppData\Local\Temp\oeatp.exe -run C:\Users\Admin\AppData\Local\Temp\4739c398812ae61ec2a5fe123951418f.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\oeatp.exe

Filesize
6.8MB

MD5
4eaa62b0ea4a88b2924fb0b30f96875a

SHA1
d4eb7b30a7d5279b49962789ce9ad2709844bcf8

SHA256
f68d38aee1d8f610b6db11fd3c05c49815e7f61c6c1e69da6aeb96f57de0f067

SHA512
ba7656b89103ea5c5da63fdecaefc11656c4f1b641d4de301481966e914c36015643192581f67b8ef7b45a15075ecf585083a9605d86743a5948d78f6290306b

Download Submit
C:\Users\Admin\AppData\Local\Temp\oeatp.exe

Filesize
192KB

MD5
e37c01f65f5a809f52f49309d8252e6f

SHA1
1e981bbd031ca3729576b4bfe102fc5404bbcb0e

SHA256
95238a4a86669426a0f16e69634d9401ac62562604bcb7f7c385f58f4573e3d0

SHA512
8bf746d5b192a2f8de487d1f87b31609292996fe62ccc8f97df8c4db8d59a1a4090b8f3de15fc4f7a0059662d026ec91f0f8eb6f06a500b727de8c21643aaa1a

Download Submit
\Users\Admin\AppData\Local\Temp\oeatp.exe

Filesize
10.5MB

MD5
fd8483a504a4a4f7bf816391ab84d891

SHA1
a11b7aeb0f4da78dd18d27bf67ed3da21453e125

SHA256
9c253a36ae89e79b827e0cdfef4cddb4ef69b38a9a2341ed781c80b0d0284cf7

SHA512
28fc77f8ca1d622f42496d318d0cce261d1aa5107c0dcca6fecd11bdad029655e64fbf00927ec876385bf22057a64a294fd9f28b6d0c43418668c7da255bc399

Download Submit
memory/1288-54-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1288-61-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/1288-63-0x0000000001ED0000-0x0000000001ED6000-memory.dmp

Filesize
24KB

Download
memory/1288-73-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1288-74-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1288-56-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1288-59-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1288-62-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1288-60-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1288-58-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1288-57-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1288-55-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1288-53-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1288-52-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/1288-76-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2336-25-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2336-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2336-18-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2336-17-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2336-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2336-30-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2336-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-15-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2336-14-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2336-13-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2336-10-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2336-11-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2336-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-21-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2336-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-47-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2336-22-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2336-20-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2336-23-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2336-24-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2336-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2336-26-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2336-27-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2336-28-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2336-29-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2336-12-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2336-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2336-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2336-49-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2336-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2336-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2336-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2336-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2336-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2336-8-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2336-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2336-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download