52cd8f65112cfb10bbd8f14eb27d793888c06a2e79902084f533e26438b1c0ba

Analysis

max time kernel
146s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 11:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58c504bfb3b88500ffb0714bcb5123af.exe
Size

8.0MB
MD5

58c504bfb3b88500ffb0714bcb5123af
SHA1

1b072fe6fe0cc2da775f50e66c7cc40c8a8b7426
SHA256

52cd8f65112cfb10bbd8f14eb27d793888c06a2e79902084f533e26438b1c0ba
SHA512

abcf7fd6d92806b4f636d4ec5de135f9743ed759afbf0ad868239786f012afab475704af82b4c712efdb5d5e6fc0fbebfae794e41cf88c814d118c064530ce91
SSDEEP

196608:n5fLZRAo93I+yO1d9eP2j8OkpvJtSi1zwfkikcQm1Q:nNYaYrO1d9Vj/kR3hNwfkiDZQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2352	58c504bfb3b88500ffb0714bcb5123af.exe

Loads dropped DLL 2 IoCs

pid	Process
1984	58c504bfb3b88500ffb0714bcb5123af.exe
2352	58c504bfb3b88500ffb0714bcb5123af.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2352	58c504bfb3b88500ffb0714bcb5123af.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	58c504bfb3b88500ffb0714bcb5123af.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	58c504bfb3b88500ffb0714bcb5123af.exe
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	58c504bfb3b88500ffb0714bcb5123af.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2352	58c504bfb3b88500ffb0714bcb5123af.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2352	58c504bfb3b88500ffb0714bcb5123af.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2352	58c504bfb3b88500ffb0714bcb5123af.exe
2352	58c504bfb3b88500ffb0714bcb5123af.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2352	1984	58c504bfb3b88500ffb0714bcb5123af.exe	28
PID 1984 wrote to memory of 2352	1984	58c504bfb3b88500ffb0714bcb5123af.exe	28
PID 1984 wrote to memory of 2352	1984	58c504bfb3b88500ffb0714bcb5123af.exe	28
PID 1984 wrote to memory of 2352	1984	58c504bfb3b88500ffb0714bcb5123af.exe	28

C:\Users\Admin\AppData\Local\Temp\58c504bfb3b88500ffb0714bcb5123af.exe
"C:\Users\Admin\AppData\Local\Temp\58c504bfb3b88500ffb0714bcb5123af.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\58c504bfb3b88500ffb0714bcb5123af.exe
  "C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\58c504bfb3b88500ffb0714bcb5123af.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\58c504bfb3b88500ffb0714bcb5123af.exe

Filesize
32KB

MD5
b64b309fbaf6d3157f6eb219d62dcb9f

SHA1
e2279b7b2af3b3467773b361873aaba00dd11fca

SHA256
a0eaeebb816f4bd98d292a6f3b1d3efefa7b57be6c892a8c38198a1346bd0ff7

SHA512
43fd28f351bd4bb668aa7b060b34ad4acd519aa746436f306c7824e04fd5768f0e843f5010bfee57bd3c74afb78d790bb0528e9d89290bfd7b583aa4b3cacc89

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\58c504bfb3b88500ffb0714bcb5123af.exe

Filesize
193KB

MD5
771b53fadd028318c651db498283f1b0

SHA1
02c3d698f99b1d93d3277326225a11b991ee666c

SHA256
07eb7c3005cce07db8684bf9a5c3dbc166e5132b742e956cf9f22dca7b9e85e5

SHA512
c32461e75c0d9e955d770d07746d9bd0a8acadc6350a402e875c730f04fc96cee697156ac266bcdafc19f7b08b29c45381790d581df64a5da94fcedaa6b6bdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\3.jpg

Filesize
78KB

MD5
cf87f74938eee1803cd57420ec021e53

SHA1
1fe9864ca3d48b5e826721bee65c276c064cc891

SHA256
eb6f20af097bb06d14e1cd5374d639acc287149b0988a9f9251413d40dd84693

SHA512
bcc92fb409d328bdf5fa736a2734ae28b422696aa9e9ae763169729fa34e2f790a6b5f8f33b33982707ffa00275089e970f0c8a1e351030fcbaef4bb05cfbc29

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\btn-bg.png

Filesize
2KB

MD5
47ee2f8dee1aaa393b6429a5056b218a

SHA1
9875e42e735621ba5f6946460b8afe5e1a11e2d2

SHA256
487d1d1424781d93d4ae294ee177798102fc393bd139462cd17d6c250da57151

SHA512
eb87341d8b88ca0cec70721d58878ef6e3ec50334dbe11d2528cd5f01c57c4fe3ade92a813457e9a5e46461ee1c78ff26e67a06bcaa33ce1679cdb2511af92f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\cover.png

Filesize
2KB

MD5
1fe59e6e74c68d49f9b7338caaa81511

SHA1
9e4995f8550296fe7e4743d24df754636bfb8277

SHA256
b09a2c7b3fde8e7b0dc560f06fd1943f2f80b5d2ac9107931014034a10013d6e

SHA512
24093c10f2f4a4f92a6bc6583ba1df6189e3cadefdf974c8a85f909d93868736bd180c94abcb9bece02d8032e8f0a524bc2e1330b91c0f657029b73555215772

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\light.gif

Filesize
54KB

MD5
3ca55b548876d810815f7515fe7a077e

SHA1
f09e762d9dea7ef23085b0e0724f1c6194cf57d4

SHA256
4aa3c0c62334ace27b1f1a1caf0165a146c3fb2c0b36a300e03aaba94279f89e

SHA512
2e6cf72ad531cb74db409f59cf58f9b26a5d8adc0a8efd6858f127dacf07ff21d2e3c3a83f976ed95aadbe5c1c88c6463d2f6e5f648f9d61a7d007f5850c632c

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\redfire.gif

Filesize
25KB

MD5
bfee71aa548dc13945f99b292ccfb5aa

SHA1
d5e69b1fca14ef066960e649b155687f0a8019f1

SHA256
5287b3edbf14f4abd731dab1b7dcfb662040fce3eea7f573807ea77dabd3840a

SHA512
4ef902d19d9cf83ceec982b2c3033d8e3cc1a1871ec3322fd550d352a0e8d9941cfa83d55062c914f9e67b2c2c78052007c14b37052a81ab5406188c9c8386af

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\images\start.gif

Filesize
429KB

MD5
b8895f2d722121f49dccb5711aa8c6ad

SHA1
82ccf62eee0f54b2ee49171fad8f463c2eaf015b

SHA256
2ece8de1a958eb3fbc2c22cdbf67ebc265646b05bb77127cfe21bb51679f8095

SHA512
8e4f1893e2d158d12d364de0be236bbe63ae2cbe82cc5440de2eca6f60a6009038711bb8985eb741675b937ff278d8dacf1a1b6134f89542b5b98227a6654789

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\js\bramus\jsProgressBarHandler0.js

Filesize
16KB

MD5
54a95794e8eeca63bd4528c49c8d29aa

SHA1
7b5d5c4509cc0427a3763f837c9559f77ee026ab

SHA256
d657eaa2129924465ced171a5d8f83c921b100ad627d4bb2e0756f8f951d4bad

SHA512
291c4db2a5908b00fc2ec03891b6cfc5096083dd9a41b1725361029e605f32c34236ef1271d9b07d26ded21e2711937ab7b270387b136bb9a4584c42d0960f1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\js\prototype\prototype.js

Filesize
123KB

MD5
d3a5b20d5368c1bcabe655b57b52d097

SHA1
015cf89260f3e8f0b86f5a17558125c933692989

SHA256
e9cca17c4320baac34e9ea5a41357ae0baffdd1beed813c2ef1f82d1179e9868

SHA512
1fd0889623b195a6faf905a2a662fc08173e76ac9490e2aaf9a96390f2184d71c1d5f29c61553bab34a3ea4626226fbd9eba4a2085afb5994290c31fb87a68c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\page.html

Filesize
1KB

MD5
d7a9c65aacfbfe034005c1a597690d41

SHA1
9025140dabcd7c5f8fa61d4f738b5110f0d4a894

SHA256
d677b1f0d8c069c659417288d226e27abf70b0a958ff9acfd97f19bd4a8dfb48

SHA512
86ec223c2f7534b50b67f8b89026bdd83a8e68f5e66a80311090bf4d6d347b2013d555c1e41236dcfba56c73d5fdbd37b994ae74857216069c9113ae50628dc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\page1.html

Filesize
2KB

MD5
f723acc1b43be1515ffbc159f4d1a042

SHA1
8deabbdf18ca518313802374b69732bd03719e55

SHA256
2602982f24c6914067cea66536b0cde3126b4d9259cbe45d03fe0a400fee6d65

SHA512
7a331fa48003f1deb437585f4f3ea3c283157e7bf7f8608a9d1f14550def916d49150b58be985fb22277cf83a79f1bfdc9a3da91dbc8afcfd710c3c957c90949

Download Submit
C:\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\html\style.css

Filesize
2KB

MD5
b9178837f1762f419d61bf7887f65ef0

SHA1
eb731dd960dd5a984b8a26c3d7ac26e7362aa497

SHA256
a2be0ab5c8e09183af0d09a0b310074bfc42e3f8e910b045d2c857c95b9c83b4

SHA512
79394bbb06aaa12130f48a8e03aa82083a35aaeb57c22629505f8123c08828d406d7347ba98a92cc6cff8b390e8e31f6642c83e28036b07f01e3b9992efabbbf

Download Submit
\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\58c504bfb3b88500ffb0714bcb5123af.exe

Filesize
799KB

MD5
f382893c27a40d9578c3c0490c221630

SHA1
f7c94af6bf0a501842a7e3d2fff0641f609b492f

SHA256
09b6c705dca9ab54aa9a9d8a0d8822eb5f78be5e45193f2aca348af0cb129a90

SHA512
f80384756757216b61d4b1f192f0da9db818c7f1c09cae6026966e47556360ec3b8283659c2ee01fa730c281302194cec3a71828c5b1df48f49052b80aafbaed

Download Submit
\Users\Admin\AppData\Local\Temp\kc0pyk2u.xwr\7z.dll

Filesize
516KB

MD5
26f3c0f259d9f612dafd70e82cb91069

SHA1
14285c2da152811f34e4fc6a7d2a5d4f5385cb00

SHA256
08c3f6313779cf25931d326009610d96bbe668cfa1322770d042b701f5e6ab93

SHA512
e749ddea33c2800f3e16476a354b835df26727d4b8875a59410ab5d1d734ae1f94d7ef6c1dc628247f4590b09a3b15e3020b30cf805ed00331cdbc2f9a327927

Download Submit
memory/1984-14-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/1984-8-0x00000000049F0000-0x0000000004AE0000-memory.dmp

Filesize
960KB

Download
memory/1984-2-0x0000000002290000-0x00000000022D0000-memory.dmp

Filesize
256KB

Download
memory/1984-1-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/1984-0-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/2352-254-0x0000000073AE0000-0x0000000073AED000-memory.dmp

Filesize
52KB

Download
memory/2352-274-0x0000000074BD0000-0x0000000074C1A000-memory.dmp

Filesize
296KB

Download
memory/2352-27-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-25-0x0000000076270000-0x0000000076EBA000-memory.dmp

Filesize
12.3MB

Download
memory/2352-30-0x0000000074A30000-0x0000000074A8B000-memory.dmp

Filesize
364KB

Download
memory/2352-29-0x00000000759C0000-0x0000000075B1C000-memory.dmp

Filesize
1.4MB

Download
memory/2352-32-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-33-0x0000000074980000-0x0000000074985000-memory.dmp

Filesize
20KB

Download
memory/2352-34-0x0000000075B20000-0x0000000075B55000-memory.dmp

Filesize
212KB

Download
memory/2352-35-0x0000000075B70000-0x0000000075C8D000-memory.dmp

Filesize
1.1MB

Download
memory/2352-47-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-46-0x0000000075290000-0x000000007531F000-memory.dmp

Filesize
572KB

Download
memory/2352-48-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-61-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-22-0x0000000075000000-0x0000000075057000-memory.dmp

Filesize
348KB

Download
memory/2352-246-0x00000000001F0000-0x000000000022D000-memory.dmp

Filesize
244KB

Download
memory/2352-248-0x0000000076260000-0x0000000076265000-memory.dmp

Filesize
20KB

Download
memory/2352-250-0x0000000074220000-0x0000000074237000-memory.dmp

Filesize
92KB

Download
memory/2352-251-0x0000000073AF0000-0x0000000073B05000-memory.dmp

Filesize
84KB

Download
memory/2352-252-0x0000000073B10000-0x0000000073B62000-memory.dmp

Filesize
328KB

Download
memory/2352-255-0x0000000075580000-0x0000000075599000-memory.dmp

Filesize
100KB

Download
memory/2352-256-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-261-0x0000000074CE0000-0x0000000074CEC000-memory.dmp

Filesize
48KB

Download
memory/2352-263-0x00000000758F0000-0x0000000075917000-memory.dmp

Filesize
156KB

Download
memory/2352-260-0x00000000739B0000-0x00000000739CC000-memory.dmp

Filesize
112KB

Download
memory/2352-259-0x0000000073A20000-0x0000000073A78000-memory.dmp

Filesize
352KB

Download
memory/2352-257-0x00000000739D0000-0x0000000073A1F000-memory.dmp

Filesize
316KB

Download
memory/2352-258-0x0000000075580000-0x0000000075599000-memory.dmp

Filesize
100KB

Download
memory/2352-24-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-264-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-267-0x00000000755A0000-0x000000007564C000-memory.dmp

Filesize
688KB

Download
memory/2352-265-0x0000000075820000-0x0000000075867000-memory.dmp

Filesize
284KB

Download
memory/2352-272-0x0000000076270000-0x0000000076EBA000-memory.dmp

Filesize
12.3MB

Download
memory/2352-273-0x0000000075000000-0x0000000075057000-memory.dmp

Filesize
348KB

Download
memory/2352-277-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-278-0x00000000759C0000-0x0000000075B1C000-memory.dmp

Filesize
1.4MB

Download
memory/2352-275-0x0000000074B50000-0x0000000074BCD000-memory.dmp

Filesize
500KB

Download
memory/2352-26-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-283-0x0000000075B60000-0x0000000075B66000-memory.dmp

Filesize
24KB

Download
memory/2352-282-0x0000000075B20000-0x0000000075B55000-memory.dmp

Filesize
212KB

Download
memory/2352-293-0x00000000739B0000-0x00000000739CC000-memory.dmp

Filesize
112KB

Download
memory/2352-295-0x00000000758F0000-0x0000000075917000-memory.dmp

Filesize
156KB

Download
memory/2352-294-0x00000000739A0000-0x00000000739A7000-memory.dmp

Filesize
28KB

Download
memory/2352-292-0x00000000739D0000-0x0000000073A1F000-memory.dmp

Filesize
316KB

Download
memory/2352-291-0x0000000073A20000-0x0000000073A78000-memory.dmp

Filesize
352KB

Download
memory/2352-290-0x0000000073AE0000-0x0000000073AED000-memory.dmp

Filesize
52KB

Download
memory/2352-289-0x0000000073AF0000-0x0000000073B05000-memory.dmp

Filesize
84KB

Download
memory/2352-288-0x0000000073B10000-0x0000000073B62000-memory.dmp

Filesize
328KB

Download
memory/2352-280-0x0000000074A30000-0x0000000074A8B000-memory.dmp

Filesize
364KB

Download
memory/2352-297-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-296-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-298-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-311-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-330-0x0000000073C70000-0x000000007421B000-memory.dmp

Filesize
5.7MB

Download
memory/2352-331-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-23-0x0000000074B40000-0x0000000074B49000-memory.dmp

Filesize
36KB

Download
memory/2352-20-0x00000000755A0000-0x000000007564C000-memory.dmp

Filesize
688KB

Download
memory/2352-21-0x0000000075820000-0x0000000075867000-memory.dmp

Filesize
284KB

Download
memory/2352-17-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2352-454-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-455-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-453-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-456-0x0000000006930000-0x0000000006A30000-memory.dmp

Filesize
1024KB

Download
memory/2352-460-0x0000000006380000-0x00000000063A0000-memory.dmp

Filesize
128KB

Download
memory/2352-18-0x00000000001F0000-0x000000000022D000-memory.dmp

Filesize
244KB

Download
memory/2352-16-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-15-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-12-0x0000000074BD0000-0x0000000074C1A000-memory.dmp

Filesize
296KB

Download
memory/2352-13-0x00000000001F0000-0x000000000022D000-memory.dmp

Filesize
244KB

Download
memory/2352-10-0x0000000000B80000-0x0000000000C70000-memory.dmp

Filesize
960KB

Download
memory/2352-571-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-572-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-573-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-574-0x00000000007E0000-0x0000000000820000-memory.dmp

Filesize
256KB

Download
memory/2352-575-0x0000000006930000-0x0000000006A30000-memory.dmp

Filesize
1024KB

Download
memory/2352-576-0x0000000006380000-0x00000000063A0000-memory.dmp

Filesize
128KB

Download