326a701ef8502fbf08dcb9a45a90f19444238c16b11ee2d0632393802a2d94a6

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641971793ccca4d7e2803dc5f92e7e38.exe
Size

10.7MB
MD5

641971793ccca4d7e2803dc5f92e7e38
SHA1

2a9eac67292185bfbf1dae2b93b2a81f0cc38e60
SHA256

326a701ef8502fbf08dcb9a45a90f19444238c16b11ee2d0632393802a2d94a6
SHA512

4169291a65b18f086c8eb321d61264082ea4c35db0e875a9ca9ddf86d2d2e4cca6b3c62328587f4ebbc7248cd7225421bdc87ca2665e552eb9bd73e2ad041bca
SSDEEP

49152:EQFRHrmQG+yrY+FrBQG+n+lBQG+0HrmQG+y1HrFQG+yrY+FrBQG+n+lBQG+0Hrml:EcKHfDKNBHfDKNKDKNBHfDXHfDKNKDb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	hnruwy.exe

Loads dropped DLL 2 IoCs

pid	Process
1996	641971793ccca4d7e2803dc5f92e7e38.exe
1996	641971793ccca4d7e2803dc5f92e7e38.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	hnruwy.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2680	hnruwy.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2680	hnruwy.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2680	hnruwy.exe
2680	hnruwy.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2680	1996	641971793ccca4d7e2803dc5f92e7e38.exe	28
PID 1996 wrote to memory of 2680	1996	641971793ccca4d7e2803dc5f92e7e38.exe	28
PID 1996 wrote to memory of 2680	1996	641971793ccca4d7e2803dc5f92e7e38.exe	28
PID 1996 wrote to memory of 2680	1996	641971793ccca4d7e2803dc5f92e7e38.exe	28

C:\Users\Admin\AppData\Local\Temp\641971793ccca4d7e2803dc5f92e7e38.exe
"C:\Users\Admin\AppData\Local\Temp\641971793ccca4d7e2803dc5f92e7e38.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Users\Admin\AppData\Local\Temp\hnruwy.exe
  C:\Users\Admin\AppData\Local\Temp\hnruwy.exe -run C:\Users\Admin\AppData\Local\Temp\641971793ccca4d7e2803dc5f92e7e38.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hnruwy.exe

Filesize
1.1MB

MD5
06b39b9f8241628b5b7116eab1896e18

SHA1
f6b78b0bb3ad38bb156f14c26960680d26a82bf3

SHA256
8b394d7fc5c9f672a2816ce28bafa89a6e925707a3e25fdba35cb30dfee0e0cc

SHA512
4153753b2da0a6089202682e478a7afd918d02ff1dc9f52ecf425429080b808075e82927fa6ae06e6c2564ac02874eba54890f622bfbeef28501bea6e4a3c54c

Download Submit
C:\Users\Admin\AppData\Local\Temp\hnruwy.exe

Filesize
927KB

MD5
84505ee53e7eab768938cb1e418efd10

SHA1
0ec93d7338f0e35b244ebf6669692419c99ff7be

SHA256
610b8a24a2c70432c4b743ea6f31ca285fcce7b78abb91281ac9bb9191e116fa

SHA512
d6cce3a2bb256f131646e8bea247183af1886c8ea35f0ef6c415e544ca76317bcd7d42f990b237d0235d035ea31178be6800322ab63ecfa560f294d649bad60f

Download Submit
C:\Users\Admin\AppData\Local\Temp\hnruwy.exe

Filesize
435KB

MD5
a358ffbe2af57b0459b1970613d5d37f

SHA1
4e959921815fc3a1e4f639d92da8face3ee47f04

SHA256
f33a3749f48b0f7b08f728d0e0fc55745e2676b03a1f35a47c435dde6970f6c8

SHA512
a096eac18438bd8f17427914b1fe2c8bff613028af31e0e7154be40b0428f71baf25dad53ed07c2977e40992c2b6c0b9a718a632bbc0a151adc2f2ed11c4a821

Download Submit
\Users\Admin\AppData\Local\Temp\hnruwy.exe

Filesize
1.4MB

MD5
65b0ffacf90fc4328d49373e4eb68d39

SHA1
0cb2bdc432ec572b2108b1c240dcbf18e41db9da

SHA256
c835ee9318d338777e37ac051ace639ef8dd52b7cfef1505dba9e350809593d9

SHA512
54aac7eb410c045608d1b6ec11924eb921656836ec290b629d8a267f2840f8c4b9b9df0a41ceeaf2d6cd1402eeb1aa21cc9e678a2e078d4537607779bb6fe388

Download Submit
\Users\Admin\AppData\Local\Temp\hnruwy.exe

Filesize
1.3MB

MD5
8e90effb373b4eadc386ae2cfe78b018

SHA1
428e52b24ea78caa1c7fff53bc138aa61edc5936

SHA256
64ff4a5d93086abfb37039aed46bb08458ce85fbfb1a92f95b1b5fab481600bd

SHA512
c22380d9b2cf90a18c127f9b31c0fb72a68a975f5ad3aa1c3d6be220cfc3a54c7cbf911f883248d0307854a3ab746e1cbee0288fef051734f50e0109e2d720f2

Download Submit
memory/1996-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-10-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1996-18-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/1996-17-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/1996-16-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1996-15-0x0000000000920000-0x0000000000921000-memory.dmp

Filesize
4KB

Download
memory/1996-14-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/1996-13-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/1996-27-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/1996-26-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/1996-25-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1996-24-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/1996-23-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/1996-40-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1996-21-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1996-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1996-20-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/1996-12-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/1996-8-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1996-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1996-6-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1996-5-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1996-3-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1996-4-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1996-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1996-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1996-43-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/1996-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1996-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1996-22-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/1996-19-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/1996-2-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1996-1-0x0000000000290000-0x00000000002E0000-memory.dmp

Filesize
320KB

Download
memory/2680-47-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2680-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-46-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/2680-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-106-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2680-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2680-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download