6a4ff569548cabfc375de0b4b69a29482a140929092852179f7086eac405059b

Analysis

max time kernel
149s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76fb2324ee40ca33b3df7cf420e3cf36.exe
Size

227KB
MD5

76fb2324ee40ca33b3df7cf420e3cf36
SHA1

354d79da5baf1d68d46bd83dff46cfb302dfe132
SHA256

6a4ff569548cabfc375de0b4b69a29482a140929092852179f7086eac405059b
SHA512

b992e9a22df036d0681b65fe6a956071d4d957c6a17c40dcdf8861fe5546201f68c7079ca15853a1f51b1c151a6966af426147af28b2c9adf65f0df261690ad3
SSDEEP

6144:jzOdykKSsvop14HAZvMy75KGsQK6tWwcRBiwxDXDy5yMt:jzOJKSOBAt7s5M6nHDXO5D

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3620	Cbegya.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	76fb2324ee40ca33b3df7cf420e3cf36.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	76fb2324ee40ca33b3df7cf420e3cf36.exe
File created	C:\Windows\Cbegya.exe	76fb2324ee40ca33b3df7cf420e3cf36.exe
File opened for modification	C:\Windows\Cbegya.exe	76fb2324ee40ca33b3df7cf420e3cf36.exe
File created	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Cbegya.exe
File opened for modification	C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job	Cbegya.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	76fb2324ee40ca33b3df7cf420e3cf36.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	Cbegya.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\Main	Cbegya.exe
Key created	\REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Software\Microsoft\Internet Explorer\International	Cbegya.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe
3620	Cbegya.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 3620	2824	76fb2324ee40ca33b3df7cf420e3cf36.exe	91
PID 2824 wrote to memory of 3620	2824	76fb2324ee40ca33b3df7cf420e3cf36.exe	91
PID 2824 wrote to memory of 3620	2824	76fb2324ee40ca33b3df7cf420e3cf36.exe	91

C:\Users\Admin\AppData\Local\Temp\76fb2324ee40ca33b3df7cf420e3cf36.exe
"C:\Users\Admin\AppData\Local\Temp\76fb2324ee40ca33b3df7cf420e3cf36.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\Cbegya.exe
  C:\Windows\Cbegya.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Cbegya.exe

Filesize
227KB

MD5
76fb2324ee40ca33b3df7cf420e3cf36

SHA1
354d79da5baf1d68d46bd83dff46cfb302dfe132

SHA256
6a4ff569548cabfc375de0b4b69a29482a140929092852179f7086eac405059b

SHA512
b992e9a22df036d0681b65fe6a956071d4d957c6a17c40dcdf8861fe5546201f68c7079ca15853a1f51b1c151a6966af426147af28b2c9adf65f0df261690ad3

Download Submit
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

Filesize
362B

MD5
c467b4d265ac71702db6ceec4e5642d2

SHA1
eee364c47f3c0601862057f0eadc3479487a443b

SHA256
86b892866a1b59fa04391987749acbfae0f2d32ffe74d087a54a2263f61c6a0f

SHA512
2ad69a2312af0b939f9ae7b03a46c9e0854f44b3f692317912ef6d09db625d9492e72cd74d2394f147a90b6ab23e07df5fcc9093e0bd3454364ed30d93cfd1fd

Download Submit
memory/2824-15694-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2824-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2824-1-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/2824-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2824-33702-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-50109-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-21801-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-10-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-9-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-65253-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-76145-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-102491-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-131214-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-150812-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-150813-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-150814-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-150816-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/3620-150820-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download