6f47b5cd969eb75a66110c3857b32fd740603ebd64a060fa6f172fa9446e08a4

General

Target

5214d97ffdb9bc40e191ad551d94c754.exe
Size

1.1MB
MD5

5214d97ffdb9bc40e191ad551d94c754
SHA1

91450434201849d63cf1a19b0e9ddbfe384fd458
SHA256

6f47b5cd969eb75a66110c3857b32fd740603ebd64a060fa6f172fa9446e08a4
SHA512

79ea9c3aa5497b24fe4c0cb3791744bc5d4d850166a87344fd9bfa352ddc80de60ce27ccef4c7b227461d8fba43c7bf8983721188c15cb1dc31719d377c7fa65
SSDEEP

24576:zlCHqtAvNs1xN4Js9MXbzy9Y8/HaRkZrn45KLbRAYXaT9DVvCT:zlCoAFsXNjmXbzyu84kZr45KLbRAYKT6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	5214d97ffdb9bc40e191ad551d94c754.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2940	5214d97ffdb9bc40e191ad551d94c754.exe
2940	5214d97ffdb9bc40e191ad551d94c754.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2940	5214d97ffdb9bc40e191ad551d94c754.exe
2940	5214d97ffdb9bc40e191ad551d94c754.exe

C:\Users\Admin\AppData\Local\Temp\5214d97ffdb9bc40e191ad551d94c754.exe
"C:\Users\Admin\AppData\Local\Temp\5214d97ffdb9bc40e191ad551d94c754.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259392534\bootstrap_17606.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392534\css\main.css

Filesize
5KB

MD5
a35ca94bb840249c0f3fcc711b6f0cb2

SHA1
ceca18ddddee33e1975f9f04b71b6fc4cc31f6b2

SHA256
44f4ba01cf1554734b3ab52ffe2bb9192d20c1661b4b17de97c523a2a9f03f9c

SHA512
f8cdcf293c6ab2dc32dae366a149efbb86ccb710fdcb4623024e73c3cf23e4efbc515bd3cbc4e19363eb6e22efef4a7bf77718987ee2e076a2969c845f9d99fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392534\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392534\images\close.png

Filesize
365B

MD5
69749961b3a71a1d4dea77263085d89f

SHA1
f6772a2deedf13860a0e2455c79ea8ea7659af41

SHA256
2b70a1fe0d47f3b744c337af1c7803b771b08608de16ee665403e82374f9cf31

SHA512
a34cca02d3c3cfe84d5ef943bd95671fcc6461b206e11842bd298c82149110a5a28ac325323511bb2c4ca7d0b0ecdbe3a2c78b8cbbe6207359694ef373459129

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392534\images\content_bg.png

Filesize
1KB

MD5
3559c0336ac74800ba9ea60ea0ed3a02

SHA1
f9cf2b6619afa4ebca369471682dada91a7b002c

SHA256
f2813081788cb2573860206ca3208904374aa2ccb00294de0b73e6f955cfc3af

SHA512
b4e7c8b5de81c8c13140ea1962048601edaabf23b39a4238b9699d195a2fff18537bba85bc440571bc7a7bf2155732d5e5690e98546f7363337c5932ab5d537c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259392534\images\main_bg.png

Filesize
4KB

MD5
9baa43914a9f8d0d1dd572d7d09a5ed4

SHA1
ed963bef6ee88003fd063cb2f6b6913089433927

SHA256
e117309d44cd5d673683e44593d8a8c1d9a89afc9ac850c6645f3c7ff8d6a5d5

SHA512
c7f5a0789bcc1cf82df75997f9bc18480dcd6454bc43e910bc565d6c75f81d21806b607d054a72234304b5d6ee29a385357d293abc31c9acdb9a20087a773f0b

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_5214d97ffdb9bc40e191ad551d94c754.exe

Filesize
33KB

MD5
d9f4174ec512ef95292d85d90cdb0a04

SHA1
320ab4c4b32a12b11381c1eb65b69e41eef45a88

SHA256
8190e18ac853db02a867ed4232e4c5bc73a2f0281f21cc871fa3c8179bec6a0c

SHA512
5388f46a698e8487f8d8a01c6184333f473b21d5635aaca4c46159b531f338a43952e6d41f357b53cb7a63c2e3ab3ead52351d4a5d142d96f8ccbbfad5999a0a

Download Submit
memory/2940-163-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2940-169-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-161-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-162-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-34-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2940-164-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-165-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-166-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-168-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-24-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-170-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-171-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-172-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-173-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-174-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-175-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2940-176-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing