302d6f18cd340b57755c0e80172cbf57db70d9b3c26a76bd24b2016b61bba45f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

534e8e291a09631ec0e63d1e93c2895c.exe
Size

643KB
MD5

534e8e291a09631ec0e63d1e93c2895c
SHA1

79370058402f59160174975de94a1ae180c9a4cf
SHA256

302d6f18cd340b57755c0e80172cbf57db70d9b3c26a76bd24b2016b61bba45f
SHA512

9170a4fd9a20f229a80c48d8b3f82148c71daaf58b4638ad906ad6ea8382f0b775d2d1219e7a3fdb98c55bbf57baa77f40f3a43cd2bf1a99a03a954de50cddf1
SSDEEP

12288:u9pSdKrT3wBDe5394bxzJH3nCL7eZmePFF3Z4mxxNDqVTVOC3:uK4rsRWUzcLCIedQmXMVTz3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5060	Iowrminedzard.exe

Loads dropped DLL 2 IoCs

pid	Process
5060	Iowrminedzard.exe
5060	Iowrminedzard.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll	Iowrminedzard.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll	Iowrminedzard.exe
File created	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe	534e8e291a09631ec0e63d1e93c2895c.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe	534e8e291a09631ec0e63d1e93c2895c.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1820	3620	WerFault.exe	16
3952	5060	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5060	Iowrminedzard.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5060	Iowrminedzard.exe
5060	Iowrminedzard.exe

C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe
"C:\Users\Admin\AppData\Local\Temp\534e8e291a09631ec0e63d1e93c2895c.exe"
1⤵
- Drops file in Program Files directory
PID:3620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 324
  2⤵
  - Program crash
  PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3620 -ip 3620
1⤵
PID:3976

C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe
"C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5060
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 320
  2⤵
  - Program crash
  PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5060 -ip 5060
1⤵
PID:4028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll

Filesize
18KB

MD5
eb6e21b0ae75bd97038a6e43cb5a7826

SHA1
c05b6d3dc611f7f166fb13644723f33ef871d07d

SHA256
bf823a3a99d33ef05d68088852ccf8471a3ecb6c46dae6582743ecf69bc20f2d

SHA512
be0822d449199ae4e622da7a0c1a52c00f86ec71d066124ef6aab53d603a4750006a4a760a5accab7790a34e226c40fd90a6cbb68128c07f90772d5aca3937ac

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll

Filesize
18KB

MD5
55b8e51bdba66e8f4e1fe2ad7869d8b2

SHA1
ff7c8783e265c3179930d72221bf0f33d9ba0131

SHA256
3f378e6193b3058f79b71b492a9226bfc0fb58510bf3c7e2582541891a662f1e

SHA512
1c174adde4a13d4bf2a732edeaf5f507dfd6af64dc6cb76885653ca3deee0c75ffb240bfc2bc8411a02d819f08125ee1043e2889e71e053d177be92552f9161f

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.dll

Filesize
19KB

MD5
3f3092e6b4962daefdba07d8a82c7ace

SHA1
707256ca7f6622945d24a8ff817314455ddc4689

SHA256
cdcea891ca9629fb4a4f2be038b740e37469cae1857c63ee866d095e7760e116

SHA512
cb82d9a414cb86d42ec4cf92033f22979ae187ec10fc34cc6cc2ecd66106851c9c4461337f8f19c8977d0db28df02c1874bcd0293f13ebd432e716ebd32f7cdc

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe

Filesize
16KB

MD5
01bb54214eb1793a4c4ff01ca2c57f30

SHA1
6f5016232f455a3e1e55d6b3fad618ff4cf1a47b

SHA256
4827f450908171bbd804636385fcddcbcf5ea3f1c2678f2941001bbb331c0f7a

SHA512
791e0f1000de6762a051cad49db4330131a34344fcdd38586dca9fa4188e3eddf878f68df4b2aacd345c3cfd36b983f8fc3b79d4aba295d1af9f4af5424309ae

Download Submit
C:\Program Files (x86)\Internet Explorer\Connection Wizard\Iowrminedzard.exe

Filesize
61KB

MD5
877b66782fcab446479e2e2ba76ffb4b

SHA1
a7c038ff5968169e7b1f561593a4596dcbeed85e

SHA256
ebff01df76c5b128483bcac81d1c32092f99015d1fab5bcd3408b6f8c841a845

SHA512
adae2c5f59829defb7602c6ee6581f4d908e49db6ff49d965abcf7884858ccfc40fd36ec5a47b4e842853a70516ee070d8c2813e4761aa02daa9e2cdd8bbf8ea

Download Submit
memory/3620-43-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/3620-39-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-12-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-18-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-42-0x00000000024A0000-0x00000000024A1000-memory.dmp

Filesize
4KB

Download
memory/3620-24-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-25-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-38-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/3620-48-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-53-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-55-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-54-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-60-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-62-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-65-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-64-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-63-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-61-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-59-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-58-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-57-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-56-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-52-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-51-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-50-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-49-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-47-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-46-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-45-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-118-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/3620-44-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/3620-0-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download
memory/3620-23-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-2-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/3620-11-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-41-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/3620-37-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/3620-36-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3620-35-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/3620-34-0x00000000023E0000-0x00000000023E1000-memory.dmp

Filesize
4KB

Download
memory/3620-33-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/3620-32-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/3620-31-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3620-30-0x0000000002430000-0x0000000002431000-memory.dmp

Filesize
4KB

Download
memory/3620-29-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-28-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-27-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-26-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-22-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-21-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-20-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-19-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-17-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-16-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/3620-15-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-14-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-13-0x00000000033C0000-0x00000000034C0000-memory.dmp

Filesize
1024KB

Download
memory/3620-40-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/3620-10-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/3620-9-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/3620-8-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/3620-7-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/3620-4-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/3620-3-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/3620-1-0x0000000000A20000-0x0000000000A74000-memory.dmp

Filesize
336KB

Download
memory/5060-116-0x00000000023F0000-0x0000000002487000-memory.dmp

Filesize
604KB

Download
memory/5060-176-0x00000000023F0000-0x0000000002487000-memory.dmp

Filesize
604KB

Download
memory/5060-175-0x0000000000400000-0x000000000054D000-memory.dmp

Filesize
1.3MB

Download