4e68a591b4ed8ffe693619f7d98b7af388357eaf2d8005cf15b3fb5697fe69ce

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9liao.exe
Size

320KB
MD5

b6cf3b3f4b2f40f343e27bdc5976a151
SHA1

d276884f41e65173ef8754ed2ad86624e7a10ffb
SHA256

a654d8a6837112a61e51be6f4d7f3e34d07f6e96ae6c78fc6211688be5019ff6
SHA512

08f52a1f498fdf986c17f1a007c01ec20b929ddfccfc8e10f452e463b6ea06527ad32988daf4b8d23ad35412e192cdf0848c6d4d371973681468d46907d62afe
SSDEEP

6144:qH0nQrUiSKrWubrSGxvGTQrGI2Lu5Zdh5GnvfazH1uYwxds:lnQrUiSKCuSGxvgPPY6e

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	9liao.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2956	9liao.exe
2956	9liao.exe
2956	9liao.exe
2956	9liao.exe
2956	9liao.exe

C:\Users\Admin\AppData\Local\Temp\9liao.exe
"C:\Users\Admin\AppData\Local\Temp\9liao.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2956-4-0x00000000040C0000-0x00000000040F6000-memory.dmp

Filesize
216KB

Download
memory/2956-2-0x0000000004070000-0x00000000040B1000-memory.dmp

Filesize
260KB

Download
memory/2956-0-0x0000000003F60000-0x000000000406C000-memory.dmp

Filesize
1.0MB

Download