4e5818b90d905865f7d0250767398e2b0094df61857bd4bc7cf9cca66e16a499

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78285493c5d513856e5fe55922e20ae0.exe
Size

3.6MB
MD5

78285493c5d513856e5fe55922e20ae0
SHA1

c654f23f5975338a0e5fbfc57b24d36190f22559
SHA256

4e5818b90d905865f7d0250767398e2b0094df61857bd4bc7cf9cca66e16a499
SHA512

482ef30e042059d7cf73567224e952c03433b026dd4fdf1240c8c5fe5f859f54d3010800095bbe766e00f4daae734e8b5c3a2045c115644fd1998f06b9c2cfc7
SSDEEP

98304:7Q3UO+MwoKPlshpg5TzyiXJ1+n47hYAWSiuj+XBpkyEKM3q8h:9wFcFXRdYbjw+XBpkyB0

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	78285493c5d513856e5fe55922e20ae0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	78285493c5d513856e5fe55922e20ae0.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	78285493c5d513856e5fe55922e20ae0.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2856	78285493c5d513856e5fe55922e20ae0.exe
2856	78285493c5d513856e5fe55922e20ae0.exe
2856	78285493c5d513856e5fe55922e20ae0.exe
2856	78285493c5d513856e5fe55922e20ae0.exe

C:\Users\Admin\AppData\Local\Temp\78285493c5d513856e5fe55922e20ae0.exe
"C:\Users\Admin\AppData\Local\Temp\78285493c5d513856e5fe55922e20ae0.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\110852\index.html

Filesize
16KB

MD5
17ef1fbc1d3df0bc7387136539473fb9

SHA1
1991ca7c768594fdff851de6acfaf6dedc164cf0

SHA256
3d4dc858e7ec255015adecbdb086d041ff146605b4e5678f9845fafa7eb737fd

SHA512
c8bc84175838cdc67f38a90eb9affa125b92d07f3eb5951d3f82306b3f698fce35bbbc4b558204d18bcb7ef0474e1a704c5d67b2e1b81f0a17ba0ee2fac421f7

Download Submit