0c9ec22d323b1b21f553c8d1844146819a3360f6a238040813773af9b04a1d6d

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71aeace76a4c13c9dd7c25d2005ff116.exe
Size

8.2MB
MD5

71aeace76a4c13c9dd7c25d2005ff116
SHA1

4346d248c97359c63bff060e4d45371dce3d4651
SHA256

0c9ec22d323b1b21f553c8d1844146819a3360f6a238040813773af9b04a1d6d
SHA512

f7b04497c68c9054f997ba3e992a8cdd4bbe6be869646cb48e445eba4b3552aa3397e06445106877db9428ece7aa52cf8c3cb822e2ac6018b3705f2ea0f59e20
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrSIrSB+Fr/SB+FrNY+Fr/rcrSIrSB+Fr/SB+Fr/rY+FrU:EcKk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2840	yc.exe

Loads dropped DLL 2 IoCs

pid	Process
2172	71aeace76a4c13c9dd7c25d2005ff116.exe
2172	71aeace76a4c13c9dd7c25d2005ff116.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	yc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2840	yc.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2840	yc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2840	yc.exe
2840	yc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2840	2172	71aeace76a4c13c9dd7c25d2005ff116.exe	28
PID 2172 wrote to memory of 2840	2172	71aeace76a4c13c9dd7c25d2005ff116.exe	28
PID 2172 wrote to memory of 2840	2172	71aeace76a4c13c9dd7c25d2005ff116.exe	28
PID 2172 wrote to memory of 2840	2172	71aeace76a4c13c9dd7c25d2005ff116.exe	28

C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe
"C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\yc.exe
  C:\Users\Admin\AppData\Local\Temp\yc.exe -run C:\Users\Admin\AppData\Local\Temp\71aeace76a4c13c9dd7c25d2005ff116.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yc.exe

Filesize
303KB

MD5
b69d3e90f4097e51da40c51506bb0b16

SHA1
46ebeeb58666d66393a9a3628bbb0abb81e3885f

SHA256
a4861bdae26660bb94b8e452ef41a5ffa8ec702f08bfd5d6e78b4462f3901054

SHA512
05ac250361779a5b682a667255f93e3b7471e7a82759baebbf6cac639f23ea447350640780b8e9819fc128b9e9514d893ea77f1f7f67c2c8c983c89af3513d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\yc.exe

Filesize
418KB

MD5
bee043786be36ae3614d663620970c54

SHA1
58e0ec46062d980cbb68663386ede3ef594ca7b6

SHA256
01e0326166493175decda8f7f5fdc38a1438986d91bda2348ea98839fcb63d71

SHA512
40cb0aa1bd8a2852ed6aa4697c5c8a4afb857961ba29f1e1073dcd0950e082b3b81914dbb15a24db3be7a6c86b82756cb8645eef86b598cd6307185833798dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\yc.exe

Filesize
316KB

MD5
440d192277a9af6f7aa1b81e25cff5a0

SHA1
84a04939e71f5bd4be900c8daa8a1614891b3ad7

SHA256
3c303343250a9a8abcc007186b01188243eda1090e1a66f53d55a9d155673562

SHA512
6d7078f1b514b15484abfd0ae36a75ee269ab9eefee04b129cd42fcd165a08d99e64e03e87a9c02437dad9e009d07c03cc96110e3ad3772dd42f5052957a1d30

Download Submit
\Users\Admin\AppData\Local\Temp\yc.exe

Filesize
428KB

MD5
9715a601bca1c2108a6d5949ede3f1d1

SHA1
cfe1474d2932888d2d61c9545d26affea45639af

SHA256
925e608acadbc572ff2a71a1fc7c52e8f1a0e8c19917e8cd80d843a30fd3ab7e

SHA512
fc528250358079aa0cbcec8015c9df1cdcb53b303c58d5185bff853b0fc409a3df2482ba4e1144216a3b3d646d172dee669f7ee25bb7cc99427b327e2984b70c

Download Submit
\Users\Admin\AppData\Local\Temp\yc.exe

Filesize
358KB

MD5
fbad625fa3ec253e4f053d78119bbe77

SHA1
ce494954324a86d8ede0ab065d7bd84803df743d

SHA256
8188ec62d1064b76a240f6cd0e70d00ef43b59590b085a7eb912d4a669e85588

SHA512
284016fbba6dc8249390b6281c4e400908105bc35fc8c2971d587c7e15d8f8c7d14d6e40aca82a92563f733ae39178f276d300dbb0afc186bda8141b90357b93

Download Submit
memory/2172-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2172-41-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2172-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2172-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2172-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2172-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2172-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2172-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2172-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2172-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2172-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2172-25-0x0000000000950000-0x0000000000951000-memory.dmp

Filesize
4KB

Download
memory/2172-26-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/2172-27-0x0000000000970000-0x0000000000971000-memory.dmp

Filesize
4KB

Download
memory/2172-24-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/2172-23-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/2172-22-0x0000000000930000-0x0000000000931000-memory.dmp

Filesize
4KB

Download
memory/2172-21-0x0000000000940000-0x0000000000941000-memory.dmp

Filesize
4KB

Download
memory/2172-20-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/2172-19-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2172-18-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2172-17-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2172-16-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2172-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2172-14-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2172-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2172-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2172-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2172-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2172-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2172-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2172-43-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2840-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-46-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2840-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2840-103-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download