4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc

Analysis

max time kernel
148s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55192961668c363485261dcd919ef5ce.exe
Size

706KB
MD5

55192961668c363485261dcd919ef5ce
SHA1

bca1082e45d096d5f136ceb9352d9ebdb6189dd8
SHA256

4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc
SHA512

8652b2900785dea1d51dd996122bc5eddab5f05f519dcb4a61d4b517b5500a8fc3b7dc914d68fd9b7fa17d6f040afa5a5195422d236c0c1a19dd380c0e00f02a
SSDEEP

12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGsprcldzLFHOW+X2+fZa:gpQ/6trYlvYPK+lqD73TeGspQldzRuhW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1224	ScrBlaze.scr

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\s18273659	55192961668c363485261dcd919ef5ce.exe
File opened for modification	C:\Windows\s18273659	55192961668c363485261dcd919ef5ce.exe
File created	C:\Windows\ScrBlaze.scr	55192961668c363485261dcd919ef5ce.exe
File created	C:\Windows\s18273659	ScrBlaze.scr
File opened for modification	C:\Windows\s18273659	ScrBlaze.scr

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\Desktop	55192961668c363485261dcd919ef5ce.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Control Panel\Desktop\SCRNSAVE.EXE = "C:\\Windows\\ScrBlaze.scr"	55192961668c363485261dcd919ef5ce.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	ScrBlaze.scr
Set value (str)	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	ScrBlaze.scr
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	55192961668c363485261dcd919ef5ce.exe
Key created	\REGISTRY\USER\S-1-5-21-1603059206-2004189698-4139800220-1000\Software\Microsoft\Internet Explorer\Main	ScrBlaze.scr

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1104	55192961668c363485261dcd919ef5ce.exe
1104	55192961668c363485261dcd919ef5ce.exe
1224	ScrBlaze.scr
1224	ScrBlaze.scr

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1224	1104	55192961668c363485261dcd919ef5ce.exe	29
PID 1104 wrote to memory of 1224	1104	55192961668c363485261dcd919ef5ce.exe	29
PID 1104 wrote to memory of 1224	1104	55192961668c363485261dcd919ef5ce.exe	29
PID 1104 wrote to memory of 1224	1104	55192961668c363485261dcd919ef5ce.exe	29

C:\Users\Admin\AppData\Local\Temp\55192961668c363485261dcd919ef5ce.exe
"C:\Users\Admin\AppData\Local\Temp\55192961668c363485261dcd919ef5ce.exe"
1⤵
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\ScrBlaze.scr
  "C:\Windows\ScrBlaze.scr" /S
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
e700cfb01196f803aaef294235d461a1

SHA1
5fa9ed92a4e5985c649bd9d867e3aef01bcb0e9f

SHA256
316d0d66ff065e2d39fae5fadb15575a70e082c111f6d6c0a1a6261bf285b684

SHA512
17d2c6f2db710bd4c0cb8e70f44845a772000852feb6178b3f42f22b00bdbec1157105cd75e8fa75340ffd0d600b0f43c6fcf605bb9e4ac9eae2afc313f5ef1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

Filesize
471B

MD5
477c91f11514533c8f3d658992afe212

SHA1
edac7fc139ccb99fa266943eb64aef2afb991db2

SHA256
d4b1fbbaf90c2b9ccc8fac014ca3d29b3a239fb18f5d2f56bc2d2c893dfc15eb

SHA512
ed5b29786c0471b42a3fc9ab9142e8467d0aff6a193589530660b736ff58cee4975c80ee1d9f411aeadb437152a53722f4e71194b9c945fdf35f4a456453db42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F134D707C209C83E02D4485138FE5D48

Filesize
471B

MD5
5abda1a5dbc33adf86885512bd06516a

SHA1
caa3ff76b193db37efa1a1eba75bbae22ad5e1bb

SHA256
81faa05beee1ec3c31c740cd3b24d64ced3a70ed412dd1a1de1360652e116fea

SHA512
aa29bfa1c0965e266d96803921e0e5f044e3242361572222b7d648f8268fbb3ddf7be8208fa0991c88b30fcb0d60e48df97bd7f100a415c863426dc128c553ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
c4dafbdb726c8edf5d8d7897f53d74d0

SHA1
8322769ac4f08de01cd11ac5e958d7e0c48c519c

SHA256
3d4c24f42e351cf8573f18dbc74b827b454d3d4dd162974c629cb76862dd4dcb

SHA512
0eaf6d7fa0ff0127aab4f8f163feea00fab884e408355cfe2d009b55fb2c860a8e4b2f12fc900dc37a11e99e31d62808c851c6a44a31337c928d9d1a6319727d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a933ceb42739562247e6b7858005b9ee

SHA1
f961ec15f084befacea1a0155d3726543f98ca18

SHA256
74c24119b25a36478e4cf077c649c9e4afb2664108e4f9180b19650a93bbcc5f

SHA512
e646d51da71e4cdd59e8b8298842d016610d5290032cab5152e0a537a0413d549ed5e38e705d880acaa5e8234c2d10492f385168493248f5c04260ecfba4984b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
ca8eb5e259d7b4c1378f0abfeae7de46

SHA1
78ca017b42730c7ed308fd1a11e9920774bca471

SHA256
bd3ec7ba2025ec473024deae5c91aa86187f7a5239f16f3ef080ac70f02bfda0

SHA512
ce7400a4c854de82684d8b6844fc9db1f1115a77fbcc48a33850627c6fa43bc6dc27dea4f164ab671ee24cb1e417be340dbf0cc3102f97faf0a66f6c9c3f26f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_9FBD3BA6168F3C4317F2AAB1E548FE96

Filesize
406B

MD5
ef204795cf75b7896db34e88df47a24f

SHA1
386861f0ff3ffbd8aa5c4ffc00b41614e4f7af25

SHA256
1574691bf23110f8d200717feb1a7b10cfeffa6264d7bdbcf5d9604ec8acab8a

SHA512
6741c8bb735c7850a1d546d466dc25648a57a7a99d577eaee23e78e845822b5223b8cab5bda4a4c85c68f18361da8600b12362981109a2045b70f23fd8223385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F134D707C209C83E02D4485138FE5D48

Filesize
406B

MD5
12715b123d9a470e45d11bedb9796057

SHA1
9057fd193c844d6a03c1fd15ba56cd80b8e16f52

SHA256
fccc2ee807853975950017c946c5b5f1150512baaf3bf292cdb65abce73b783b

SHA512
e61e8733f89a171f2cd76cb921738f9ebb712487d114091b01537df864b003e8e4158ac94caab102f92f8c7ede4dcbe56c09a1b410eb292fe8229dbeb80330bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R90HQQX\firefox[1].png

Filesize
9KB

MD5
7f980569ce347d0d4b8c669944946846

SHA1
80a8187549645547b407f81e468d4db0b6635266

SHA256
39f9942adc112194b8ae13ba1088794b6cb6e83bd05a4ed8ce87b53155d0e2f7

SHA512
17993496f11678c9680978c969accfa33b6ae650ba2b2c3327c45435d187b74e736e1489f625adf7255441baa61b65af2b5640417b38eefd541abff598b793c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\css[1].css

Filesize
159B

MD5
ff0bf9d3cc4d07f95eef640c1d790a59

SHA1
cd8e2a8d6730f9e0462e4f6a638c8cb9d48fb6e3

SHA256
a050244d5ec49afeed7cc2c870e75dae86dfdbe8e7bc56fe533436e83e2b5ba2

SHA512
fe726865ce47079263e573a89393fa74879e264f8cb114c246e24076dce4aa72fc6f4a5450df3a6fa2c2b327f06d8e74ba1d7db6d5bca75fd51abfbc691764e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WEH2YLI\edgium[1].png

Filesize
6KB

MD5
01010c21bdf1fc1d7f859071c4227529

SHA1
cd297bf459f24e417a7bf07800d6cf0e41dd36bc

SHA256
6fb31acdaf443a97183562571d52ce47dd44c1a8dcb4087338d77ea2617b286e

SHA512
8418d5ac3987ee8b6a7491167b0f90d0742e09f12fceb1e305923e60c78628d494fcd0fee64f8a6b5f6884796360e1e3ec1459dc754bbfb874504f9db5b56135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E25VF8N4\opera[1].png

Filesize
2KB

MD5
5cb98952519cb0dd822d622dbecaef70

SHA1
2849670ba8c4e2130d906a94875b3f99c57d78e1

SHA256
02f95fbdb68f232bffd4f2c0fdd033d6c83b829c610cddccc0b1d43e2274e6a7

SHA512
5f29b7459fbd01e16dbd196e4bcddf109af017cccf31337abe1cec6cc5a84711fc2cd34ad7a35d9432a9d7e42ca23d7f6c9d4315396429d7b8e48b9491696afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E25VF8N4\yt_logo_rgb_light[1].png

Filesize
8KB

MD5
d654f892f287a28026cd4d4df56c29c8

SHA1
98779a55fe32a66ebec8338c838395d265e45013

SHA256
fc6f5d8f32f13d5855840234dc1bff5c91c35318ee2192d99b13eb3572f0bca8

SHA512
3668902aeaf792ad73ba51e0a4caaa520ebc38177791dfac9a9b28026c3bde99e721bf54d626f266a19cfd045a6d2dc8c8e70e53a2c5ee524c6f2736bb0ce409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\chrome[1].png

Filesize
6KB

MD5
ac10b50494982bc75d03bd2d94e382f6

SHA1
6c10df97f511816243ba82265c1e345fe40b95e6

SHA256
846a9b551e74f824fd7ace3439a319b0c0803449e8caec9f16e2666e38a80efd

SHA512
b6666b540aef6c9c221fe6da29f3e0d897929f7b6612c27630be4a33ae2f5d593bc7c1ee44166ce9f08c72e8608f57d66dd5763b17fec7c1fb92fc4d5c6dd278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\css[1].css

Filesize
295B

MD5
c18654d2625359b3729697558589f400

SHA1
3ab115242225d36c21cb8ac37d4abb4b961cbd65

SHA256
f8892fc40e6f4ea4ffc6be8c43c5d1e61bd6f82d47e3aadefebcd4df8c8f6bd4

SHA512
fbb1830a40761f7a3a9f0bf99ebc3c47faff1e6af980ffbcdf816cff5868ed6442af1caf4988335616fd6bb7f06f86315b3101b150f9e72012c34526988ea99d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YT4IJQ91\dinosaur[1].png

Filesize
57KB

MD5
bdda3ffd41c3527ad053e4afb8cd9e1e

SHA1
0ad1bb7ce8d8a4dc8ac2a28e1c5155980edfab9b

SHA256
1a9251dc3b3c064cfc5e2b90b6c7dc3c225f7017066db2b77e49dae90a94a399

SHA512
4dc21ef447b54d0e17ccd88db5597171047112ce1f3f228527e6df079ce2a43a463a3a1e4255828b12f802d70a68dbe40b791852134be71c74de97718b2f1d5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab586D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar607C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3GH5ECGM.txt

Filesize
74B

MD5
bb2e740cfa834d6ccf167cca41459d30

SHA1
4d0e8fcc213bcf271594d6c3e79a4aa7670eb32c

SHA256
533b6097506388afc075efb1638edc3770c41ae778648d9f7744ab4586e28ed8

SHA512
321762b035942d202177e8cce241382ee621279c19fa318cc3801df63d12d73d5a219bb8925c1e88a67573c976b9e46ba2c152668c83900b326b355bdfdf13a4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7K6I8BRK.txt

Filesize
364B

MD5
a0d5507709a114b7531ce0010add4fbb

SHA1
ee83bd7547f8a160ec5e88fa85d321d3f05e2acb

SHA256
41c0028beeb7eb14ff0256cbd41caa3c9cbd5a662441b51899848f6d03b6a27b

SHA512
a5a9ae7981ebffcb62347d6f337abb7361cb9c0dd989119f12587b7346a273392842cc1005e0212bc58971c9215fef6c6bd57ae96a2587e82a3c5908b85ef243

Download Submit
C:\Windows\ScrBlaze.scr

Filesize
706KB

MD5
55192961668c363485261dcd919ef5ce

SHA1
bca1082e45d096d5f136ceb9352d9ebdb6189dd8

SHA256
4806de856a2d9d5f3d62d7be684ed0392998b1995d786509cc62cc95338984bc

SHA512
8652b2900785dea1d51dd996122bc5eddab5f05f519dcb4a61d4b517b5500a8fc3b7dc914d68fd9b7fa17d6f040afa5a5195422d236c0c1a19dd380c0e00f02a

Download Submit
C:\Windows\s18273659

Filesize
852B

MD5
dfb172d60043c502300414d39b918434

SHA1
513312817a6c1f2a1c47a4e5265e98fccbc53702

SHA256
08e026454357ccc52ce3dc9822986c2616d08a68ac89552f181e523841dc6682

SHA512
cc2cc7a1f8209ba372f98db8e88bb6a46e8ad5759c7a9d31997e9ad56232d4fffd5403c0937cb5e732435a3487fdace50c635d80211a3c6994bcbd06907eb14a

Download Submit
C:\Windows\s18273659

Filesize
975B

MD5
dffd282edd59f93ff6c971b81c7b6367

SHA1
636119c4ba751b97958289cfcbded7f6d91e0f00

SHA256
449e31b5acab6c461ded0cf2a78fb80fcae4fc39f1b52c86092174b5c159c504

SHA512
dbb4015978e23150c249071f6126ee9e9b583b17e34183d910b2bc3f5b18deb93dc46b9b33f1831d72bd94687e406cf02813ccd43df8c502878a4e0bcd016901

Download Submit
memory/1104-62-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1104-0-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1224-70-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-71-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-67-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1224-60-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1224-66-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-69-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-65-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-68-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-127-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-149-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-150-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-151-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-152-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-153-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-156-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/1224-157-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download