cd322726913aef6e2cebea81fa7217ece1e5a6b9b9e413a142dfa9fded0febe2

Analysis

max time kernel
141s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5422931c4d670c53a45aec888f1edf43.exe
Size

649KB
MD5

5422931c4d670c53a45aec888f1edf43
SHA1

5e0bbd86ca160437700faf86773eb738117a64a3
SHA256

cd322726913aef6e2cebea81fa7217ece1e5a6b9b9e413a142dfa9fded0febe2
SHA512

71632657826068ca7828b86c08ff1229622fbac4efdcef4986b46b3450835c8f2ae944b056a56676ab463d5be0427aaee94fe03003a3fa4077a8e7cc229b4b30
SSDEEP

12288:o9B1iqSu23tb496Wrtf3+hGmTgPXF3Z4mxxLMENMIG+y0YS4/FbicwVS:qWP9b4Y+t/CGmTIQmXH2F+y/F2VS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2016	1.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\UNINSTAL.BAT	5422931c4d670c53a45aec888f1edf43.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2572	4616	WerFault.exe	87
3832	4616	WerFault.exe	87

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	1.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	1.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	1.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	1.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	1.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4616	5422931c4d670c53a45aec888f1edf43.exe
Token: SeDebugPrivilege	2016	1.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2016	1.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 4020	2016	1.exe	91
PID 2016 wrote to memory of 4020	2016	1.exe	91

C:\Users\Admin\AppData\Local\Temp\5422931c4d670c53a45aec888f1edf43.exe
"C:\Users\Admin\AppData\Local\Temp\5422931c4d670c53a45aec888f1edf43.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4616
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 704
  2⤵
  - Program crash
  PID:2572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 708
  2⤵
  - Program crash
  PID:3832

C:\Documents and Settings\»¶Ó¹âÁÙ\1.exe
"C:\Documents and Settings\»¶Ó¹âÁÙ\1.exe"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files\Internet ExplorEr\IEXPLORE.EXE
  "C:\Program Files\Internet ExplorEr\IEXPLORE.EXE"
  2⤵
  PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4616 -ip 4616
1⤵
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4616 -ip 4616
1⤵
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\»¶Ó¹âÁÙ\1.exe

Filesize
649KB

MD5
5422931c4d670c53a45aec888f1edf43

SHA1
5e0bbd86ca160437700faf86773eb738117a64a3

SHA256
cd322726913aef6e2cebea81fa7217ece1e5a6b9b9e413a142dfa9fded0febe2

SHA512
71632657826068ca7828b86c08ff1229622fbac4efdcef4986b46b3450835c8f2ae944b056a56676ab463d5be0427aaee94fe03003a3fa4077a8e7cc229b4b30

Download Submit
memory/4616-0-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4616-1-0x0000000002310000-0x0000000002364000-memory.dmp

Filesize
336KB

Download
memory/4616-2-0x0000000002560000-0x0000000002561000-memory.dmp

Filesize
4KB

Download
memory/4616-3-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/4616-4-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/4616-5-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/4616-6-0x0000000002510000-0x0000000002511000-memory.dmp

Filesize
4KB

Download
memory/4616-7-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/4616-8-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/4616-9-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/4616-10-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/4616-11-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/4616-12-0x0000000003500000-0x0000000003503000-memory.dmp

Filesize
12KB

Download
memory/4616-13-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/4616-14-0x0000000003550000-0x0000000003551000-memory.dmp

Filesize
4KB

Download
memory/4616-15-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4616-18-0x00000000022D0000-0x00000000022D1000-memory.dmp

Filesize
4KB

Download
memory/4616-17-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/4616-19-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/4616-16-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/4616-20-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/4616-21-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/4616-22-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/4616-23-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/4616-24-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/4616-25-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/4616-26-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/4616-27-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/4616-28-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/4616-29-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/4616-30-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/4616-31-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/4616-32-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/4616-33-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/4616-34-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/4616-35-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/4616-36-0x0000000003750000-0x0000000003751000-memory.dmp

Filesize
4KB

Download
memory/4616-37-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/4616-38-0x0000000003770000-0x0000000003771000-memory.dmp

Filesize
4KB

Download
memory/4616-39-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/4616-40-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/4616-41-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/4616-42-0x00000000037C0000-0x00000000037C1000-memory.dmp

Filesize
4KB

Download
memory/4616-43-0x00000000037B0000-0x00000000037B1000-memory.dmp

Filesize
4KB

Download
memory/4616-44-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/4616-45-0x00000000037D0000-0x00000000037D1000-memory.dmp

Filesize
4KB

Download
memory/4616-47-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/4616-46-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/4616-49-0x0000000003950000-0x0000000003951000-memory.dmp

Filesize
4KB

Download
memory/4616-48-0x0000000003960000-0x0000000003961000-memory.dmp

Filesize
4KB

Download
memory/4616-50-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download
memory/4616-52-0x0000000003980000-0x0000000003981000-memory.dmp

Filesize
4KB

Download
memory/4616-51-0x0000000003990000-0x0000000003991000-memory.dmp

Filesize
4KB

Download
memory/4616-53-0x00000000039B0000-0x00000000039B1000-memory.dmp

Filesize
4KB

Download
memory/4616-55-0x00000000039D0000-0x00000000039D1000-memory.dmp

Filesize
4KB

Download
memory/4616-54-0x00000000039A0000-0x00000000039A1000-memory.dmp

Filesize
4KB

Download
memory/4616-56-0x00000000039C0000-0x00000000039C1000-memory.dmp

Filesize
4KB

Download
memory/4616-57-0x00000000039F0000-0x00000000039F1000-memory.dmp

Filesize
4KB

Download
memory/4616-58-0x00000000039E0000-0x00000000039E1000-memory.dmp

Filesize
4KB

Download
memory/4616-60-0x0000000003A00000-0x0000000003A01000-memory.dmp

Filesize
4KB

Download
memory/4616-59-0x0000000003A10000-0x0000000003A11000-memory.dmp

Filesize
4KB

Download
memory/4616-62-0x0000000003A20000-0x0000000003A21000-memory.dmp

Filesize
4KB

Download
memory/4616-61-0x0000000003A30000-0x0000000003A31000-memory.dmp

Filesize
4KB

Download
memory/4616-63-0x0000000003D90000-0x0000000003D91000-memory.dmp

Filesize
4KB

Download
memory/4616-140-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/4616-151-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download