205557db95a76c18ae851fd80ed88697c832e1a72ec61c802112a36889526558

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f72dd7887adbfa64c4e0087dcdd2ce.exe
Size

1.1MB
MD5

49f72dd7887adbfa64c4e0087dcdd2ce
SHA1

eb1c20824150e10a65f8a0b11f17cd09685f5599
SHA256

205557db95a76c18ae851fd80ed88697c832e1a72ec61c802112a36889526558
SHA512

f00992487af3c485310bd77cc2364ea7d0145c092b39fce6b87e40e9c7d501e4c87198b1c875f3f07fda7cef5775187b63c45f912e535e4bb352261297a9df1d
SSDEEP

24576:rWvknOMEfvr/B9eL0OzoYOxuJNB0Ht2VX0t/CtAHObfgQ42ODC+J:rUeOMml9VOzxLNEt2/GHOMC+J

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4100	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND\Setup.exe = "0"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_NAVIGATION_SOUNDS\Setup.exe = "1"	Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 4100	3968	49f72dd7887adbfa64c4e0087dcdd2ce.exe	89
PID 3968 wrote to memory of 4100	3968	49f72dd7887adbfa64c4e0087dcdd2ce.exe	89
PID 3968 wrote to memory of 4100	3968	49f72dd7887adbfa64c4e0087dcdd2ce.exe	89

C:\Users\Admin\AppData\Local\Temp\49f72dd7887adbfa64c4e0087dcdd2ce.exe
"C:\Users\Admin\AppData\Local\Temp\49f72dd7887adbfa64c4e0087dcdd2ce.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Users\Admin\AppData\Local\Temp\a2jcQ3hi7F\BOkqp86N\Setup.exe
  C:\Users\Admin\AppData\Local\Temp\a2jcQ3hi7F\BOkqp86N\Setup.exe --relaunch
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  PID:4100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2jcQ3hi7F\BOkqp86N\Setup.exe

Filesize
83KB

MD5
45ea5cb027ace581c529670bdf169bc6

SHA1
86acf2a93fe22cf3118d6a6f6d5735fbe9d8a995

SHA256
79cc00de1591e64acf3b621ef21a633da61724fca877c95c6aabf55561031299

SHA512
d83d46f6862582c6a11450d73788817949329d0111208052c8b313225d9a03fef1984ad45c9eabf45922d263bf6cbc4b633d90446a0f0884581e7583440cb604

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2jcQ3hi7F\BOkqp86N\Setup.exe

Filesize
20KB

MD5
22f71d9a871365a001ff748884d722e1

SHA1
79c2bdde2f8d85bb01db848311c6482aaa0621c8

SHA256
a15c07765b32d693abd8eede73e82e005d2cf15e538dd1dac60391b83e5cb7e4

SHA512
381ab4fe55a3561f33ce9d73c54ac1baef9432a0af96dea93b5d156f7e41f5ae6e15107947d22976d782a944c6ed14efebcf15e9563e94be8a2c76b5c6c5f245

Download Submit
memory/3968-0-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-1-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-2-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3968-13-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-14-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-18-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-20-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-19-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-21-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-24-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-23-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-22-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-27-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-30-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-29-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-28-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-26-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-25-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-17-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-16-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-15-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-12-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-11-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-10-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-31-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-36-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-42-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-47-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-52-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-56-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-57-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-63-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-65-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-64-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-62-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-61-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-60-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-59-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-58-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-55-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-53-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-54-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-51-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-49-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-50-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-48-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-46-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-45-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-44-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-43-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-41-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-40-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-39-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-38-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-37-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-35-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-34-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-203-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-33-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-32-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-9-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-8-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/3968-7-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/3968-846-0x0000000002260000-0x000000000235E000-memory.dmp

Filesize
1016KB

Download
memory/4100-424-0x0000000000400000-0x000000000051ED14-memory.dmp

Filesize
1.1MB

Download
memory/4100-618-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download
memory/4100-837-0x00000000020B0000-0x00000000021AE000-memory.dmp

Filesize
1016KB

Download