3c0538962b982b991eee6bc7f3120b84664f57a18bbc21eda3a4d1754644de2c

Analysis

max time kernel
140s
max time network
131s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 10:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4e17baaabd9c22f840fe309d1456cc14.exe
Size

1.0MB
MD5

4e17baaabd9c22f840fe309d1456cc14
SHA1

3a0250bc1813678436e0d53e60604ea1386d6af7
SHA256

3c0538962b982b991eee6bc7f3120b84664f57a18bbc21eda3a4d1754644de2c
SHA512

7a6c79cb6c97e08368b581d528780dcf46e1a931efdcd3a08d25c38d560b98ebbab7028e102a8afa94aefcdbabbebb0511f842fca0cc9b1c54c6a32348b6755c
SSDEEP

24576:aNmLc8UKe0Hxzgf5qg4a4VgbEHgXvKHTXoMibFIwOu:aDKeixUfj4HgYHgfkTYMMFIwO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2856	4e17baaabd9c22f840fe309d1456cc14.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2856	WerFault.exe	4

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	4e17baaabd9c22f840fe309d1456cc14.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2856	4e17baaabd9c22f840fe309d1456cc14.exe
2856	4e17baaabd9c22f840fe309d1456cc14.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2856 wrote to memory of 2884	2856	4e17baaabd9c22f840fe309d1456cc14.exe	32
PID 2856 wrote to memory of 2884	2856	4e17baaabd9c22f840fe309d1456cc14.exe	32
PID 2856 wrote to memory of 2884	2856	4e17baaabd9c22f840fe309d1456cc14.exe	32
PID 2856 wrote to memory of 2884	2856	4e17baaabd9c22f840fe309d1456cc14.exe	32

C:\Users\Admin\AppData\Local\Temp\4e17baaabd9c22f840fe309d1456cc14.exe
"C:\Users\Admin\AppData\Local\Temp\4e17baaabd9c22f840fe309d1456cc14.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 1908
  2⤵
  - Program crash
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259392830\bootstrap_8112.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\css\main.css

Filesize
5KB

MD5
036af3fceab406a0f64c0f52034f76e5

SHA1
6db1a1e1085e23a33719865a5fbef4e722cf9518

SHA256
79bdad673a5b1bc6a9df2415ccc8283370441c060be76a425e3c44132b6676e7

SHA512
6fb28664c5a82b1eae33bb95e69aa2da533cb8b1137630855b75b48785b93f1af8d636a22570a5cbe2f667cccb307ebc1b0a434e10cee29670dd4eadc68cfe07

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\BG01.jpg

Filesize
25KB

MD5
71c80dde59856b701903b2fc0f91b075

SHA1
10265b56b1db49ec524b6832e14b0b4f08f26e1a

SHA256
45a11c15657eafada47d1b40f23ad47a067b6882c45f7d2e1754305aba40db4e

SHA512
35bc4a16852e589e3654f50dd2822e8310cc3f9287f95a7df6d8756af6e461822123d134aff7190c40bfed5545400b0dc9d30f70126750e0c45fb3d9902738d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\Close.png

Filesize
809B

MD5
1c6138108b31f0ad1c8f22f6f569f6de

SHA1
d6f3a9b3af755183b8fad5e00a3f00c81053d66a

SHA256
8b07d29151a7af1ff97f312e972e1609c50890cf0787c3b9e860bae853321040

SHA512
b539d67d669af93c22b33c431473a310bb983e4979caed6a74bf1993cd949714f42aad157c3357e2cfac2cfbffb6c3fda9d6e7e4089fdca8996d5b752c571901

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\Color_Button.png

Filesize
1KB

MD5
eda0f9fe2914bc66f4ad4861f6db1a1f

SHA1
ad525e4558276d81b52c2fc8b6d09352a270ee1c

SHA256
e325ce8afd3f60969a3465d0a221d2f023e1c4fa88a48b551328ab715c5bb8fb

SHA512
ac7bd622f6a1eae051e29f59f8010d44ca3293aa89549b0e2575655cb8e21012517f5c3cfc0f73ef3b48dff78c84ec79d51cc3c8cc7e5e6cf16ece2c6e9aece2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\Gray_Button.png

Filesize
1KB

MD5
02931901ed9381a0ac04384ddc55a8ae

SHA1
fe447aff5155d46dfde8570caa1c5b2e30b7a2c7

SHA256
216cf446b17585d388b1105409c8c24aa962e6ab1f660d6959c7f8ffcf6aa103

SHA512
03c89f7918058b4013b1ca9151a7be314a0ba2bc02cc56961e6a6fde8fb516b84ec37268644f8bba730f64073e3e6d15e404912c4d3e85a5a5e1d2df2badf29f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\ProgressBar.png

Filesize
1KB

MD5
b6e30cf41d44ec03cdf9cb05c622f8e3

SHA1
885ac809976d64dd7fafe92df4cb615521766ed3

SHA256
342b0b36ee6c9922fcb6f1add3cf46b5e41dc2d0fd8572481467dcc3c05c27dc

SHA512
522717ef48698f5dd3985a0477608bee6dfd0d2344e573301112461f83c0ee5fbe530b99e001e61ab1d76817d7ad32219ea9c8a7d39f95599a5e358903bf0b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\ProgressBar_element.png

Filesize
236B

MD5
95cbac4dc07f686c45f154a394e67869

SHA1
8fdca7e090767be4e422371fb0dbf03b4ad8352e

SHA256
3e12544469963fbeaeb1a7bc9de7026bcf639bf17c3ae424b2e4809058578a5d

SHA512
6d99ff303b6da5ec950894d93a7baa82a328aa517e461a2d8a625f9728afbc03116bbdedbdde9b61abedc203b2c64ce2fba2bbd86dc4099f391c931e6f5225a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392830\images\loader.gif

Filesize
10KB

MD5
57ca1a2085d82f0574e3ef740b9a5ead

SHA1
2974f4bf37231205a256f2648189a461e74869c0

SHA256
476a7b1085cc64de1c0eb74a6776fa8385d57eb18774f199df83fc4d7bbcc24e

SHA512
2d50b9095d06ffd15eeeccf0eb438026ca8d09ba57141fed87a60edd2384e2139320fb5539144a2f16de885c49b0919a93690974f32b73654debca01d9d7d55c

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_4e17baaabd9c22f840fe309d1456cc14.exe

Filesize
1.0MB

MD5
4e17baaabd9c22f840fe309d1456cc14

SHA1
3a0250bc1813678436e0d53e60604ea1386d6af7

SHA256
3c0538962b982b991eee6bc7f3120b84664f57a18bbc21eda3a4d1754644de2c

SHA512
7a6c79cb6c97e08368b581d528780dcf46e1a931efdcd3a08d25c38d560b98ebbab7028e102a8afa94aefcdbabbebb0511f842fca0cc9b1c54c6a32348b6755c

Download Submit
memory/2856-128-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-135-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-127-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-0-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-129-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-130-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2856-131-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-132-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-133-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-1-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2856-136-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-137-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-138-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-139-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-140-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-141-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/2856-142-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download