36ea9c07252aa739c8a8366453f629a5762afc152b32fa358c893ca0233791a6

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 10:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

651d91d3ebde3977b10ebadfe0269d4d.exe
Size

9.2MB
MD5

651d91d3ebde3977b10ebadfe0269d4d
SHA1

2b8cf23d30ad284da26bad86ffaa9ed2b246b512
SHA256

36ea9c07252aa739c8a8366453f629a5762afc152b32fa358c893ca0233791a6
SHA512

3930c42654d9a9e84b8aa6a500b425beb98df2282415f2654556bdee36ec8821bd7df428d9522c8a695ca9dc2f9a8fd6dd579e05c8f5c21d583b0c4c4276adf6
SSDEEP

196608:R01dh08Tgk7c/ihukxA3f97Y1zO2sPnGMfhReCWJo8i1zwh/:R2dDTfc/YXq3fxY1ranGMbso/NwV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Loads dropped DLL 2 IoCs

pid	Process
2928	651d91d3ebde3977b10ebadfe0269d4d.exe
3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	651d91d3ebde3977b10ebadfe0269d4d.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	651d91d3ebde3977b10ebadfe0269d4d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	651d91d3ebde3977b10ebadfe0269d4d.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3052	651d91d3ebde3977b10ebadfe0269d4d.exe
3052	651d91d3ebde3977b10ebadfe0269d4d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3052	2928	651d91d3ebde3977b10ebadfe0269d4d.exe	28
PID 2928 wrote to memory of 3052	2928	651d91d3ebde3977b10ebadfe0269d4d.exe	28
PID 2928 wrote to memory of 3052	2928	651d91d3ebde3977b10ebadfe0269d4d.exe	28
PID 2928 wrote to memory of 3052	2928	651d91d3ebde3977b10ebadfe0269d4d.exe	28

C:\Users\Admin\AppData\Local\Temp\651d91d3ebde3977b10ebadfe0269d4d.exe
"C:\Users\Admin\AppData\Local\Temp\651d91d3ebde3977b10ebadfe0269d4d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\651d91d3ebde3977b10ebadfe0269d4d.exe
  "C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\651d91d3ebde3977b10ebadfe0269d4d.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\651d91d3ebde3977b10ebadfe0269d4d.exe

Filesize
277KB

MD5
3aa24fb11941e246d7479781c81f6ef0

SHA1
ccb80d1cb06b2280fa03abbba79d92e7c4599e98

SHA256
d32ce655718b8763e0dd43edc9840b990ea790a5bc213a2e9b07418e9768597d

SHA512
c37e8a5ee0f02a83338bd0ce71d0e9e3b9106736d2de10482b6473a35f0349a609ac5461239544cba979b5988a72df5a3c65910867c7b937a701df01a843370a

Download Submit
C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\651d91d3ebde3977b10ebadfe0269d4d.exe

Filesize
144KB

MD5
75848499b51ccc0af2e9efde44a861e4

SHA1
ffcbbf5be6abedb6c4a2c0a65133a97de603d68b

SHA256
9ce8294d44711b55ebfe3968177e7cc16f4bcc98dffd6f3e7e71a47fe4b458f1

SHA512
4c9d6be48d3ecee5a1787e0fa3885eabbd921e35fc6d7ab33639757dd4c3db16d3d839b48cbf56b5cd10d36d20e680802ef4cf8a59b1cf81f3ddeaba094f1f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\html\images\bg-1.png

Filesize
57KB

MD5
68d1fc529627dab8e4579ac4892260fd

SHA1
cd800c237b06d2421bdeff3d9deee35e11bc4b23

SHA256
8b06c442f1ee26c3869b07311fa66390dc9b269e037a79e02ff6aac41d53d7e2

SHA512
ef8820d6bfeb6d58730d2a55946b7799a590daefceb8594d8defc0c5c122f360afff81da19eece50fb1cfaf4f4bb7d48a5f98a8d57ec8f28d1f2d0958182bf06

Download Submit
C:\Users\Admin\AppData\Local\Temp\k5w14jss.evb\html\page.html

Filesize
1KB

MD5
1b357c4195aedde1df6d470ae6583557

SHA1
9669348e708220e221e9bde05900f6c431c4d917

SHA256
1bd36e6b6eab5ec7e8b9a0127f877b2ade4cbbe6616a33220b0585c322540728

SHA512
919034b09571ce64a7dfda390ff7e489b784d4df59123184b49452721611bf44ea241812b223babfddfac624785b921fa2b24c84bf1ca85beb13d341fa49f3bd

Download Submit
\Users\Admin\AppData\Local\Temp\k5w14jss.evb\651d91d3ebde3977b10ebadfe0269d4d.exe

Filesize
260KB

MD5
5a75c6fea7d436390733621f187e9bf6

SHA1
21ba6258f754d2a43039098cba96141ff2c18da5

SHA256
86cbd7c0f4701133826213b467b103739de19734e3f3ce8b2a4d696ea03396fe

SHA512
3fb278e33c448cfe77a102a12dcd1dc189675b6524d0fb96fb1339b5525baeb9a92d7eca891a66b8732efe4724e40c50b8155c7272bb9fe57c034c5579bb0e0d

Download Submit
\Users\Admin\AppData\Local\Temp\k5w14jss.evb\7z.dll

Filesize
206KB

MD5
1468fed248300b119ea4a923edb7097a

SHA1
d7b94076edbce99f76c5238edd7affb0a593b174

SHA256
f33974006ae63869c7084f0e32061ca0e74b07076fbef1044ec27d0b0636d06f

SHA512
ed673e46f6619b2d250a315c100beda5b07dbecabc374ab1efbcd5c328c9dfaa6af1f48b7753cd09159e665802068eceaf283876cc6edc72db287ec4bdcb8dd0

Download Submit
memory/2928-2-0x0000000000BC0000-0x0000000000C00000-memory.dmp

Filesize
256KB

Download
memory/2928-1-0x00000000748F0000-0x0000000074E9B000-memory.dmp

Filesize
5.7MB

Download
memory/2928-12-0x00000000050A0000-0x0000000005190000-memory.dmp

Filesize
960KB

Download
memory/2928-205-0x00000000050A0000-0x0000000005190000-memory.dmp

Filesize
960KB

Download
memory/2928-0-0x00000000748F0000-0x0000000074E9B000-memory.dmp

Filesize
5.7MB

Download
memory/2928-11-0x00000000748F0000-0x0000000074E9B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-191-0x0000000075E00000-0x0000000075E35000-memory.dmp

Filesize
212KB

Download
memory/3052-202-0x00000000730A0000-0x00000000730BC000-memory.dmp

Filesize
112KB

Download
memory/3052-25-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-24-0x0000000075040000-0x0000000075049000-memory.dmp

Filesize
36KB

Download
memory/3052-23-0x00000000752B0000-0x0000000075307000-memory.dmp

Filesize
348KB

Download
memory/3052-27-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-28-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-22-0x0000000076F30000-0x0000000076F77000-memory.dmp

Filesize
284KB

Download
memory/3052-16-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3052-18-0x00000000002E0000-0x000000000031D000-memory.dmp

Filesize
244KB

Download
memory/3052-30-0x0000000075870000-0x00000000759CC000-memory.dmp

Filesize
1.4MB

Download
memory/3052-26-0x0000000075FD0000-0x0000000076C1A000-memory.dmp

Filesize
12.3MB

Download
memory/3052-31-0x0000000074710000-0x000000007476B000-memory.dmp

Filesize
364KB

Download
memory/3052-33-0x0000000075E00000-0x0000000075E35000-memory.dmp

Filesize
212KB

Download
memory/3052-34-0x0000000075EB0000-0x0000000075FCD000-memory.dmp

Filesize
1.1MB

Download
memory/3052-45-0x0000000076E20000-0x0000000076EAF000-memory.dmp

Filesize
572KB

Download
memory/3052-99-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-46-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-17-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-163-0x00000000730F0000-0x0000000073142000-memory.dmp

Filesize
328KB

Download
memory/3052-171-0x0000000076F80000-0x0000000076FA7000-memory.dmp

Filesize
156KB

Download
memory/3052-169-0x00000000751A0000-0x00000000751AC000-memory.dmp

Filesize
48KB

Download
memory/3052-168-0x00000000730A0000-0x00000000730BC000-memory.dmp

Filesize
112KB

Download
memory/3052-167-0x0000000072500000-0x0000000072558000-memory.dmp

Filesize
352KB

Download
memory/3052-166-0x00000000724B0000-0x00000000724FF000-memory.dmp

Filesize
316KB

Download
memory/3052-165-0x0000000075BA0000-0x0000000075BB9000-memory.dmp

Filesize
100KB

Download
memory/3052-164-0x0000000073E30000-0x0000000073E3D000-memory.dmp

Filesize
52KB

Download
memory/3052-162-0x00000000730D0000-0x00000000730E5000-memory.dmp

Filesize
84KB

Download
memory/3052-161-0x0000000073BC0000-0x0000000073BD7000-memory.dmp

Filesize
92KB

Download
memory/3052-177-0x0000000075BA0000-0x0000000075BB9000-memory.dmp

Filesize
100KB

Download
memory/3052-15-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-206-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-10-0x0000000074F20000-0x0000000074F6A000-memory.dmp

Filesize
296KB

Download
memory/3052-204-0x0000000076F80000-0x0000000076FA7000-memory.dmp

Filesize
156KB

Download
memory/3052-203-0x00000000724A0000-0x00000000724A7000-memory.dmp

Filesize
28KB

Download
memory/3052-20-0x0000000075D50000-0x0000000075DFC000-memory.dmp

Filesize
688KB

Download
memory/3052-201-0x00000000724B0000-0x00000000724FF000-memory.dmp

Filesize
316KB

Download
memory/3052-200-0x0000000072500000-0x0000000072558000-memory.dmp

Filesize
352KB

Download
memory/3052-199-0x0000000073E30000-0x0000000073E3D000-memory.dmp

Filesize
52KB

Download
memory/3052-198-0x00000000730D0000-0x00000000730E5000-memory.dmp

Filesize
84KB

Download
memory/3052-197-0x00000000730F0000-0x0000000073142000-memory.dmp

Filesize
328KB

Download
memory/3052-195-0x0000000075B80000-0x0000000075B85000-memory.dmp

Filesize
20KB

Download
memory/3052-192-0x0000000075840000-0x0000000075846000-memory.dmp

Filesize
24KB

Download
memory/3052-190-0x0000000075030000-0x0000000075035000-memory.dmp

Filesize
20KB

Download
memory/3052-189-0x0000000074710000-0x000000007476B000-memory.dmp

Filesize
364KB

Download
memory/3052-187-0x0000000075870000-0x00000000759CC000-memory.dmp

Filesize
1.4MB

Download
memory/3052-186-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-184-0x0000000074E20000-0x0000000074E9D000-memory.dmp

Filesize
500KB

Download
memory/3052-183-0x0000000074F20000-0x0000000074F6A000-memory.dmp

Filesize
296KB

Download
memory/3052-182-0x00000000752B0000-0x0000000075307000-memory.dmp

Filesize
348KB

Download
memory/3052-181-0x0000000075FD0000-0x0000000076C1A000-memory.dmp

Filesize
12.3MB

Download
memory/3052-176-0x0000000075D50000-0x0000000075DFC000-memory.dmp

Filesize
688KB

Download
memory/3052-174-0x0000000076F30000-0x0000000076F77000-memory.dmp

Filesize
284KB

Download
memory/3052-173-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-207-0x00000000002E0000-0x000000000031D000-memory.dmp

Filesize
244KB

Download
memory/3052-208-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-210-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-209-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-211-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-224-0x0000000074870000-0x0000000074E1B000-memory.dmp

Filesize
5.7MB

Download
memory/3052-244-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-311-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-313-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-314-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-315-0x0000000006D50000-0x0000000006E50000-memory.dmp

Filesize
1024KB

Download
memory/3052-14-0x00000000002E0000-0x000000000031D000-memory.dmp

Filesize
244KB

Download
memory/3052-13-0x0000000001230000-0x0000000001320000-memory.dmp

Filesize
960KB

Download
memory/3052-406-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-407-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-408-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-409-0x00000000007C0000-0x0000000000800000-memory.dmp

Filesize
256KB

Download
memory/3052-410-0x0000000006D50000-0x0000000006E50000-memory.dmp

Filesize
1024KB

Download