Analysis
-
max time kernel
17s -
max time network
138s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
06/01/2024, 07:03
General
-
Target
4596051a60ca9b32e76f355bf8243207.exe
-
Size
21KB
-
MD5
4596051a60ca9b32e76f355bf8243207
-
SHA1
391d79542536d6199d5818f1dcde1f965d2193d0
-
SHA256
898bb1b591e69d0290dbc59ef52983e75e6a56be90690a4144e0a6677366454f
-
SHA512
84530366372f1dccd8e557dd79f7165953dfea296b84c4fc92682d4ddaaf4de5ba1e3bc8301d1219e80b9b027905eb4e04990f7e13a3e3f68b9377df9dbd1710
-
SSDEEP
384:Wk26REFf+qJSipgEs5rksAqTe2ASbAit/YCLx4LssYRFbKDAxLr6+S9Pfu7n5v:p2eE3JSmgEyr6/SbAit/jegsSKUxydex
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 25 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4596051a60ca9b32e76f355bf8243207.exe"C:\Users\Admin\AppData\Local\Temp\4596051a60ca9b32e76f355bf8243207.exe"1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4596051a60ca9b32e76f355bf8243207.exe"C:\Users\Admin\AppData\Local\Temp\4596051a60ca9b32e76f355bf8243207.exe"2⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE"3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:21⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
32KB
MD58fe278bd8eac660d0161a869da96b8d8
SHA1eac6f73862d89fc8c49b5331cabe89b6a57019b1
SHA256e8a6de34603eb9e91ba82f555080758e480ab044ffa9c140028706f916eb2c0a
SHA512b180b8df22e421493dcc75a2caed123f7c7756295f691579ea5c426c741f80e381b4960b5cbd6b5e87547d75e44ab654d1c4704fe34b4b743a57f334bd05846c
-
Filesize
344B
MD55d9bd0267a56eb879e4c48b4c33d1a5b
SHA1d53f316b7d15243900ff94181c9f908d2b58d654
SHA2567068670c2c914cc0aab2a3c36a25ca84f512b6a272ba48b3581a6f09991b9925
SHA512264eb9d31dfd90ba7d7b124f196fc8bc04ce2e70d356f623469e7336d57158bf866682e8fa6e7b00b6e5963441c54e80fde73953fd899cda10b5620e23e93eba
-
Filesize
344B
MD5187e88c0dcebc1b7f4b8e1e4e1fab6c5
SHA10f78c1babbaff1d0ef429bc36ce667aae8422847
SHA25679c0a10642dc0260bf0002f72a00c86004e4feb69782fe822651a8171efb11ac
SHA5122d3ffe0c77d85437ee9a21431314b035dfd6724b28c9d768664a4cd003e9e4e7e80aacdd8d9443234b4a4f5ceaf2e5a1cee2a93f822a0c2ba34625c46b8111c9
-
Filesize
344B
MD54530111fbaa928388b3d5a803af3c5d0
SHA1f09a7041448cdf699e0c08f798c741619f19a70b
SHA256debb4c110ff29c2506027119e165baaea1093e34ec3c45701bf225272c712f1e
SHA512ca820aff8d664866432718fb90d834b3c41e66e51070fc38dc712772a704085bf695f757105b746ce526270d2dddddc707b899e9ec4b2e3cec3ed1da0cb032fb
-
Filesize
344B
MD5788a5096032015af0bc696c531fa805b
SHA1465a065b01858af51e6404f1740a72b1c8eb5c9e
SHA256421bdadf0121d601a25ef7574e7766d759817e1f53ca2f7b3710bf846557c620
SHA5122a0ac4ed7f949894d5591ca2f115282b98015e17267e9e7381ae1521ccf1157b094a9c9e02785c3cea0855dcdefcfee7c743ff2064d32aaee77b1060b53d9c03
-
Filesize
344B
MD5afa27b00c81c2f31752847d7c0d1f03b
SHA1be300b02eaa04663b1a6e566d89791c41a373efa
SHA2563dfdd229956f3712e059f63487d9eb07bd755fbc405d8ecad1c115e0d62a24f4
SHA51219a4c2225cc2a7d1f47fb80f498f922d6045ca3aef87dc23b94ba94114c5ba46abee2c71de17f4deb40b704f24c8b0d40428b2abfd0de8ae0a629806724bb2f4
-
Filesize
344B
MD5b813d36d3263340382ef51c76c429dfb
SHA1c2bf8e8fc9eef3aadc10239915feaf028dccd8b5
SHA25660d54aca8c64e9ff1e146740a1966f67802cad1a8d81be3ab041b84f5adab131
SHA512741de1fc0f62ba9d74e0f47afcb9e03bb098f4dfabafe0019b1fe17cdb50816acc0b752382ba894391f23d3dd32d0ae96fafbb6181b5eaddc6f7cbc8dd5277df
-
Filesize
344B
MD51a7fb37881ffa2f76650ba5e86de2d90
SHA105b28ecf2e0505f1dba62859422db35ddca6fc95
SHA256641554bfb36e717f64c8a953d47116b36a46e5e47be791e2da338982ce91e940
SHA512a8c169b69f504b8e738ebcf248457dde0f33e5e3b4a19619254f2b837bfb3565c598c5ed4c28da32ae216c9b2e439169092c3b802f070dd0fc6e8e8dce93302d
-
Filesize
344B
MD5ef952a1824ab15bc2876e0a764fb5f22
SHA16d34fdca4640c54ca884e7d060a49604f3555f58
SHA25620bcac42685abed2205f177416585d0a129a46c4d2ed5d79cfa9105fd8ca1bb4
SHA512d0e66bebdeadcefc84745e708c7ac6a8a0fa3b022398396273f0f2fcbb93d1652fbb0e8735b282fbb038eae31e0c6294b3af8db0987c26f680cd126031ff91e0
-
Filesize
32KB
MD507f28307499aa6e0088879fd21116b9b
SHA15e1de9d96c3e5820f1ed10276ab13cb722a8aa42
SHA25680e34a95a20c023b3ad4d86af83d0c560e3d35b4c6ebee18f2cb865414db3cc1
SHA512ca6f58aa5490b20c8808ce01a6bf9da9cd66ac51f9581e7c7b907e284bacea729131e1f445dd3973fe096373ef7b5481c7931778b2fe8be2c0d179b51ea8ae57
-
Filesize
26KB
MD5bfbb3e64c5b4c14844ee01a54557f65a
SHA1bc3400ed9f0376f4051333fb0b9d423510550ba8
SHA2568d4ca38e1a7e11574175bf39fdf2c2420cd0ad2abcee2caafe60ec5b5a74df17
SHA512d8fe2d91398ef084303ebe860da8237d566c87ec9285c3245a8ba55cd0d0084dc5c1fb92dce0bb31592971b9e61284edde4539dccba7f2f7484c3c4ed07da829
-
Filesize
36KB
-
Filesize
68KB
-
Filesize
68KB