302d6f18cd340b57755c0e80172cbf57db70d9b3c26a76bd24b2016b61bba45f

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

534e8e291a09631ec0e63d1e93c2895c.exe
Size

643KB
MD5

534e8e291a09631ec0e63d1e93c2895c
SHA1

79370058402f59160174975de94a1ae180c9a4cf
SHA256

302d6f18cd340b57755c0e80172cbf57db70d9b3c26a76bd24b2016b61bba45f
SHA512

9170a4fd9a20f229a80c48d8b3f82148c71daaf58b4638ad906ad6ea8382f0b775d2d1219e7a3fdb98c55bbf57baa77f40f3a43cd2bf1a99a03a954de50cddf1
SSDEEP

12288:u9pSdKrT3wBDe5394bxzJH3nCL7eZmePFF3Z4mxxNDqVTVOC3:uK4rsRWUzcLCIedQmXMVTz3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1724	Iowrminedzard.exe

Loads dropped DLL 1 IoCs

pid	Process
1724	Iowrminedzard.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll	Iowrminedzard.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll	Iowrminedzard.exe
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe	534e8e291a09631ec0e63d1e93c2895c.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe	534e8e291a09631ec0e63d1e93c2895c.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1724	Iowrminedzard.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1724	Iowrminedzard.exe
1724	Iowrminedzard.exe

C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe
"C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe"
1⤵
- Drops file in Program Files directory
PID:2308

C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe
"C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe

Filesize
5KB

MD5
9481c3d01bbc5a95ddaf705900e1e521

SHA1
0490c1ae79480edb472244f3105857c9c7b18c16

SHA256
cbfe8bf74831e72893098a171dbf0781d49aac15ab06b0b5bbe92c2c97ff833e

SHA512
6932fb356390b766fa743ec530f365ddb0b026609de99854e64bbd2a091a5a0a670e40f7b972128a1340384cf61cc6003a69240ff4c9a055d416d31d02a8ae6e

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe

Filesize
54KB

MD5
2103e701d2e72e82557e40af3a92611a

SHA1
e53db2d01e663a5e8111b096e4684659dd4c1009

SHA256
dbce1d982327ff67f78aac1785afe7b17e255b5b78dc624a91e8c20a973282a7

SHA512
f42becdf08dfb0582ec1c38596f6297aab95c83f4d4a33c362b9f60bf57e900b166068b1441e2b6aa8cefb0dc85575e8c3625d994d24dcd9d7273d0b5d302c22

Download Submit
\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll

Filesize
23KB

MD5
65441c3202c84e4469cd6df4a8f9f015

SHA1
dc319c7dbf303c02e9b02c1ea9606f219c08818c

SHA256
4d2ccb5def18f12b213421f0547c79f921b010e29160a1b34506e26561de55f2

SHA512
367b20ff47a3b3e643f48cd5546955f17b4687a0accad9f3efe2ba7e8e63937cb5a4cfd58b2883a0214e5ee1b7dc5404de97d7adb8e08d447d5c16ffd80b8623

Download Submit
memory/1724-150-0x0000000003740000-0x00000000037D7000-memory.dmp

Filesize
604KB

Download
memory/2308-1-0x0000000001CE0000-0x0000000001D34000-memory.dmp

Filesize
336KB

Download
memory/2308-0-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2308-3-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2308-10-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2308-9-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2308-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2308-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2308-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2308-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2308-11-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2308-13-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-28-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2308-27-0x0000000001F20000-0x0000000001F21000-memory.dmp

Filesize
4KB

Download
memory/2308-45-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-48-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-59-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-65-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-64-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-63-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-62-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-61-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-60-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-58-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-57-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-56-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-55-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-54-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-53-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-52-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-51-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-50-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-49-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-47-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-46-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-44-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-43-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-42-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-41-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-40-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-39-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-38-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-37-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-36-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-35-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2308-34-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2308-143-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/2308-33-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2308-32-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2308-31-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2308-30-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2308-29-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-26-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2308-25-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/2308-24-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2308-23-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/2308-22-0x0000000001F10000-0x0000000001F11000-memory.dmp

Filesize
4KB

Download
memory/2308-21-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/2308-20-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2308-19-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-18-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-17-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-16-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-15-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download
memory/2308-14-0x0000000003260000-0x0000000003360000-memory.dmp

Filesize
1024KB

Download