1edb194135aa194a2e88a3a3fbf267b3dbc4d1e9536fe147542a7dadfd936c39

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4926bbb87c56d5e3604188dcc5985331.exe
Size

2.0MB
MD5

4926bbb87c56d5e3604188dcc5985331
SHA1

af95b9dfd7e3b69c5e9d7d57785cc65e866d32ef
SHA256

1edb194135aa194a2e88a3a3fbf267b3dbc4d1e9536fe147542a7dadfd936c39
SHA512

f3a714e41e2f8ee1a720ad973633cd1dacecd6b1d22f0a41576b5815c13cc90e3e3966b7491669d3afc88059b601fb79aea2c83325281a3d58f67f19ed9feb17
SSDEEP

24576:+7QFRUm/rCYAj8pXU+Cz/rC6YAj8pXU+Cz/rSCYAj8pXU+Cz/heU+Czr:EQFRHrmQG+yrTQG+yrSmQG+yr+Y

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	dazzm.exe

Loads dropped DLL 2 IoCs

pid	Process
2444	4926bbb87c56d5e3604188dcc5985331.exe
2444	4926bbb87c56d5e3604188dcc5985331.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	dazzm.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2804	dazzm.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2804	dazzm.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2804	dazzm.exe
2804	dazzm.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2804	2444	4926bbb87c56d5e3604188dcc5985331.exe	28
PID 2444 wrote to memory of 2804	2444	4926bbb87c56d5e3604188dcc5985331.exe	28
PID 2444 wrote to memory of 2804	2444	4926bbb87c56d5e3604188dcc5985331.exe	28
PID 2444 wrote to memory of 2804	2444	4926bbb87c56d5e3604188dcc5985331.exe	28

C:\Users\Admin\AppData\Local\Temp\4926bbb87c56d5e3604188dcc5985331.exe
"C:\Users\Admin\AppData\Local\Temp\4926bbb87c56d5e3604188dcc5985331.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\dazzm.exe
  C:\Users\Admin\AppData\Local\Temp\dazzm.exe -run C:\Users\Admin\AppData\Local\Temp\4926bbb87c56d5e3604188dcc5985331.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dazzm.exe

Filesize
1.6MB

MD5
b3fd5fa1033a1463063bffa4cae27c16

SHA1
2a1e2478d8ee47c52b977450b4549ee51a60d64c

SHA256
94e1ac890bcac0873f9865988e842a6e774bf49e21069dd6e520989cb1e98bf7

SHA512
162f0f197d5e8111cdcfa5f6aa09c6bfc242ca10b3cc59bd53d2cf48aa4b82adf7319d1e510db5d7d026cd36e1a9f9e52842899b86d3bccf70ce04229ce8d9c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\dazzm.exe

Filesize
1.6MB

MD5
e8aa2295eb9b3a5d7e3d9cd9974957b9

SHA1
ee6e6ed9cf2545b407f8160a3154341f28abd37c

SHA256
089131c8032e12e73caecea3bddaf88aa0f0335ef598a2c5cbade47c2c4e92da

SHA512
79cd5113afc5c6037f52a72f7be151cf04dfa874174e4001b71b5e26e50557e26f7d34d34cd74a0801e7290c6960fa9c566fa8667269baf0209227ba915e7d24

Download Submit
\Users\Admin\AppData\Local\Temp\dazzm.exe

Filesize
1.9MB

MD5
3f8a918457f0533ba32ea7d6bc3525f8

SHA1
11efd67e13a558f72e9cc9870e18bb4a86e7b736

SHA256
9d4de205e67658708fdbc278242c8b3ffd21d5570efc4a224318c45ef1252b6c

SHA512
5c0e348fbeecc3a94d3cb5181f9987bed1f61cb8b9bf644491e8d8016327e37c3337142d9d2c32b3c22bd0a6c1e0cc72d234433b90d6afbc92b2ca53ef4cf549

Download Submit
\Users\Admin\AppData\Local\Temp\dazzm.exe

Filesize
1.6MB

MD5
e96891987e48b169ac634d535174bea4

SHA1
c33b984edb29feeeb0f99a9392dfd76765e65896

SHA256
5fb5cf09146f44e0662c5f8fef242a2ab3539904b8372cecebd22af383ab6320

SHA512
8c242487ce7b30fe4c5eb32e37347b70b2a0818aa77c071ec24f59c8078f94f9921a82c5fd64e97f990bee2ed2194e6866ecbcc04d56ddd364e89785f3202100

Download Submit
memory/2444-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2444-28-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2444-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2444-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2444-8-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2444-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2444-12-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2444-11-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2444-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2444-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2444-20-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2444-19-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2444-18-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2444-17-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2444-16-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2444-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2444-13-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/2444-2-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2444-27-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/2444-26-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/2444-25-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/2444-24-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2444-23-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2444-22-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2444-21-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2444-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2444-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2444-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2444-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2444-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2444-40-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/2444-38-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2444-5-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2444-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2444-1-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/2804-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-52-0x0000000000330000-0x0000000000380000-memory.dmp

Filesize
320KB

Download
memory/2804-72-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2804-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-73-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2804-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-45-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2804-44-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/2804-95-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download