5df915ab2c9d0f52d3aeccbe5c4895f080b204f469a6f29fd55ab76a82aa2dfb

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76a048a5f0dffef604c467411d03e089.exe
Size

3.0MB
MD5

76a048a5f0dffef604c467411d03e089
SHA1

d36b84357825fde8fbd76b788074ce218bccb2a6
SHA256

5df915ab2c9d0f52d3aeccbe5c4895f080b204f469a6f29fd55ab76a82aa2dfb
SHA512

78d1b9c31edff5ef86095ded30c8cfd4ca34d36f9988ab8924ec89a7a334bb920d168e4dc01bfc2769c37077593c834de23dc11c2ed8403979b4d38c06bb6f35
SSDEEP

49152:EQFRHrmQG+yGXGZQPxQtrmQG+yGXJmQG+yb4:EcKdMZ7M

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2860	z.exe

Loads dropped DLL 2 IoCs

pid	Process
2124	76a048a5f0dffef604c467411d03e089.exe
2124	76a048a5f0dffef604c467411d03e089.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	z.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2860	z.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2860	z.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2860	z.exe
2860	z.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2860	2124	76a048a5f0dffef604c467411d03e089.exe	28
PID 2124 wrote to memory of 2860	2124	76a048a5f0dffef604c467411d03e089.exe	28
PID 2124 wrote to memory of 2860	2124	76a048a5f0dffef604c467411d03e089.exe	28
PID 2124 wrote to memory of 2860	2124	76a048a5f0dffef604c467411d03e089.exe	28

C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
"C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\z.exe
  C:\Users\Admin\AppData\Local\Temp\z.exe -run C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
191KB

MD5
6112097bef1036a2f25d65a1076218f0

SHA1
acbac2570af20d82b070e78d17327bf394159651

SHA256
d97cc52c2d68c49bee068aad98cf58ba92f8ac214519e7d3aef10e8054d07ce3

SHA512
a58da5d1ee56144276bcd6dab9038115ad52706d44e54dce231e17a06a50eb4dd10fa4dad163d8ffc702519a58b81831884cbb82e3b95ffa395b799bc5ace4be

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
143KB

MD5
c8a6cbeac1ab261b7a3f4067e39552ec

SHA1
4d85ce0e0eaf8991b41fe32d5c54199dfdee772f

SHA256
9aca7cb5a1a589b914de6c9636976421359e4ab59c96e5ca4c10c183503d38db

SHA512
0a550befd49e58413bfcc9d6ad7441071737d74a6efc3c2253d03d55c44f146f974331134e8a4b889a0fd0a22c71a7785ad7ec11a3dcdf93e6cddf5e982987d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
159KB

MD5
9138a456eb2270c0fd4315a121cf9ee2

SHA1
02ef83d591b729f76df6ba2fa82647eefa5ba6db

SHA256
6e38766113975cc44fa3bd6f3f3051daaee06d489475c020bdeaa694ef85bb03

SHA512
e10c3164d3084cc945d627456d9d66105745cfcb7ad2eee1f89256e2c7da598f888ccb65649bb957b263a1876a12ed0897dd2eb0728d7f3180d822873b2ee88c

Download Submit
\Users\Admin\AppData\Local\Temp\z.exe

Filesize
186KB

MD5
5d964184aca16c16201a66575836b42a

SHA1
3c7aaaf826f267b0662fc32b2a4b9647413b8479

SHA256
bc0fd1c0e1fa654089a10c91dae6b7347a3e4e02fcdb16fbdee1ed420f7b5c76

SHA512
29b9a3e060f97b47cf7d13105b6209ccd5580a34fd42326903d8b3063a1157020a673ebe678542e0c0b8645921dc64d72318f3bf2eeaaa6e3baa7557c4966889

Download Submit
\Users\Admin\AppData\Local\Temp\z.exe

Filesize
146KB

MD5
3786e762fcc7a0e688f529ba7b349f12

SHA1
4603d9a60a633b1f2680c1866cab9c892cec9f96

SHA256
984fbdd7ba49f3466730d5f907693fd7ba8263894bfcc2a30c26ffdc45c2fb8a

SHA512
9d7c2e4aa03128c3c2d7979008962e2c744a92b0b6f71c301abd771275fbf85e6c20164594577036f2df5101b93b71ba0841da8f6a0c07e3658351876a563ff8

Download Submit
memory/2124-19-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2124-15-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2124-16-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2124-28-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2124-27-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2124-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2124-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2124-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2124-26-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2124-25-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2124-24-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2124-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2124-10-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2124-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2124-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2124-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2124-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2124-41-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2124-39-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2124-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2124-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2124-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2124-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2124-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2124-2-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2124-1-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2124-22-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2124-21-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2124-20-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2124-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2124-18-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2124-17-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2124-7-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2124-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2124-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2124-14-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2860-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-70-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2860-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-68-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2860-67-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2860-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-66-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2860-65-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2860-64-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2860-62-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2860-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-63-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2860-61-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2860-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-69-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2860-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2860-98-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download