629c8f28d97d50004d8e9dddbc9a08f8de4aa8c0f2fa9bebe96fb89759a10354

General

Target

4c75aafcfe95e2d27950569c3d985ff6.exe
Size

1.1MB
MD5

4c75aafcfe95e2d27950569c3d985ff6
SHA1

0eda2b7439343d1149dce8e066e102fd792cc09e
SHA256

629c8f28d97d50004d8e9dddbc9a08f8de4aa8c0f2fa9bebe96fb89759a10354
SHA512

66800cd3018004afbd4d636db6b26504dde81ff0a0fff154442a68bef75fbc0e6977099ec11109b3fd9d2cd74e6a1dd5ae988c602a92f732908981428b8ced94
SSDEEP

12288:oFc6BxrLx8NZzcuqNPO6JmEtAa4VH/WV6nGTnHbajQZzRLSTo24s+VJDHrMQgR/4:+PGZ+O6JLtAa4VYMGEez0TvYEoH

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2340	4c75aafcfe95e2d27950569c3d985ff6.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	4c75aafcfe95e2d27950569c3d985ff6.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2340	4c75aafcfe95e2d27950569c3d985ff6.exe
2340	4c75aafcfe95e2d27950569c3d985ff6.exe

C:\Users\Admin\AppData\Local\Temp\4c75aafcfe95e2d27950569c3d985ff6.exe
"C:\Users\Admin\AppData\Local\Temp\4c75aafcfe95e2d27950569c3d985ff6.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259394390\bootstrap_26416.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\css\main.css

Filesize
5KB

MD5
a35ca94bb840249c0f3fcc711b6f0cb2

SHA1
ceca18ddddee33e1975f9f04b71b6fc4cc31f6b2

SHA256
44f4ba01cf1554734b3ab52ffe2bb9192d20c1661b4b17de97c523a2a9f03f9c

SHA512
f8cdcf293c6ab2dc32dae366a149efbb86ccb710fdcb4623024e73c3cf23e4efbc515bd3cbc4e19363eb6e22efef4a7bf77718987ee2e076a2969c845f9d99fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\Top_Bar.png

Filesize
4KB

MD5
61a709f859302fc1bad99cf76faa0e1c

SHA1
f4943f2058997275a2dc0cb1bcadc59302f52ef5

SHA256
e6656ed9574411d1d59595e3f6bccf35106760f7fa48e1f57d2ad59b7cfad510

SHA512
599cc37f7d9d587cff397e2bffad9cbd801fac6eb499ec8e74ba3667870e04f01a2cea119f6a8c6deb41ffadfb76f6a8014b5f7864377cabfd281ae1c2805c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\badge.png

Filesize
4KB

MD5
da4c4d7e2d0bf0bf47263fe34b5ba7a4

SHA1
d70269a4f56878f00a9646514f688967e62765f6

SHA256
4ebdf88d374c06db76dcd1ea960981ba0b67d903c91edc49a9ecef66522d88a8

SHA512
731c62ceea286a77574ac71a5e05f883aa536cffa8bc0d7084b3381a8d8ae408e87f360951f8bbb9adfb5338c453a9b9e3f8471bd6634018c02b5e472e56e19b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\close.png

Filesize
365B

MD5
69749961b3a71a1d4dea77263085d89f

SHA1
f6772a2deedf13860a0e2455c79ea8ea7659af41

SHA256
2b70a1fe0d47f3b744c337af1c7803b771b08608de16ee665403e82374f9cf31

SHA512
a34cca02d3c3cfe84d5ef943bd95671fcc6461b206e11842bd298c82149110a5a28ac325323511bb2c4ca7d0b0ecdbe3a2c78b8cbbe6207359694ef373459129

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\color_btn.png

Filesize
1KB

MD5
7478cba40c5f79bc79d640c53ecf4124

SHA1
6401ba8b5cbf463175e06c5cb89df1af67235cd7

SHA256
d3df7141283079887f6c2cddd0f878b67d24ca8167a413232f7c9cc45e94f7f7

SHA512
3b721310d4e687a59a34efb80e6161a5c180ea1e743fc84735c0ab02a10f76c13de87fab1420999046f13936eaec4a7ca5d80402ec1d64a8a1b4a0dd2f2cd7c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\content_bg.png

Filesize
1KB

MD5
3559c0336ac74800ba9ea60ea0ed3a02

SHA1
f9cf2b6619afa4ebca369471682dada91a7b002c

SHA256
f2813081788cb2573860206ca3208904374aa2ccb00294de0b73e6f955cfc3af

SHA512
b4e7c8b5de81c8c13140ea1962048601edaabf23b39a4238b9699d195a2fff18537bba85bc440571bc7a7bf2155732d5e5690e98546f7363337c5932ab5d537c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259394390\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
memory/2340-163-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-170-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-162-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-25-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2340-164-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2340-165-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-166-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-167-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-169-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-18-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-171-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-172-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-173-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-174-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-175-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-176-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2340-177-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing