9dee561d6e9fd7a07df10be0b4715ce7f2ee8f9e2ff7ceafd8bc65d2056880d7

Analysis

max time kernel
142s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b2ce87f1e273554167507e85d99a6db.exe
Size

9.1MB
MD5

7b2ce87f1e273554167507e85d99a6db
SHA1

85766173ffbbc5abe4b07020b12c14f90713744e
SHA256

9dee561d6e9fd7a07df10be0b4715ce7f2ee8f9e2ff7ceafd8bc65d2056880d7
SHA512

44c145bbf0af948e644ee2dc3dfaaddf7eb1b03898bc353980f5229491afd8cb1875694d75a85ce177c0fc4325d2397a20bcac501ad2f9eb7b2dbe20cc0c92b7
SSDEEP

49152:EQFRHrmQG+yrV29jMrmQG+yrV29FQFR229jM529FQFR229jjMrmQG+yrV29FQFRT:EcKEycLcRycT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2804	z.exe

Loads dropped DLL 2 IoCs

pid	Process
2228	7b2ce87f1e273554167507e85d99a6db.exe
2228	7b2ce87f1e273554167507e85d99a6db.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Internet Explorer\Main	z.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2804	z.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2804	z.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2804	z.exe
2804	z.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2804	2228	7b2ce87f1e273554167507e85d99a6db.exe	28
PID 2228 wrote to memory of 2804	2228	7b2ce87f1e273554167507e85d99a6db.exe	28
PID 2228 wrote to memory of 2804	2228	7b2ce87f1e273554167507e85d99a6db.exe	28
PID 2228 wrote to memory of 2804	2228	7b2ce87f1e273554167507e85d99a6db.exe	28

C:\Users\Admin\AppData\Local\Temp\7b2ce87f1e273554167507e85d99a6db.exe
"C:\Users\Admin\AppData\Local\Temp\7b2ce87f1e273554167507e85d99a6db.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\z.exe
  C:\Users\Admin\AppData\Local\Temp\z.exe -run C:\Users\Admin\AppData\Local\Temp\7b2ce87f1e273554167507e85d99a6db.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
48KB

MD5
26d370c42afec2663b702b94e350de90

SHA1
6cab1ab73d1b11989033d2910780b392608af79f

SHA256
a4139cf0a50a307e8a9e93949a40b2b203c984ca332071b0d369ff27634eb8b7

SHA512
f027b63752d7e1f389b14c757d452781d0dc2d462b3195bda91fc06302d7d22d76c994d797e25c2ee4dbfdc066146d05d0501ffa88d62f8b9333d6f5e635469d

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
52KB

MD5
45a5885538b870b235bfebb8b9a9ea8b

SHA1
2cb4db9d40a6e1966cb1865815600122865ec502

SHA256
817816c136950c38cbac38c4ab3d81adab23fca39487c6b4a54fa99a8d8bc404

SHA512
a6ff2347c4da3900a56891f9e82216ea7d8c9b83b42dce8c4933f054631a46227257c054866cb9d9cf3c7a7cccc8e35958447403e308a8c87dbd2eabe203734c

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.exe

Filesize
1.5MB

MD5
e036278de44997aef5f29271482a98c2

SHA1
21f9513efa768b7747f975c80c6e46fe89bea4d5

SHA256
1c96c6f7496b8bff3350b67607d55086f5cd0debcec89870ff10a8139ed87cdf

SHA512
5a520c9973837699d2576e621e48a9f96a8cb2360c6ad1490c3e121143beb968098a98774f13d923d32754b5ab7fc35351b77261541f6bffe73672481df08b14

Download Submit
\Users\Admin\AppData\Local\Temp\z.exe

Filesize
74KB

MD5
07dd46d930aa123fca7767d89f607de4

SHA1
d5ab023eeb170607e5bc3de8ea039f96169cbe8e

SHA256
2510d4835fadc896b493c3ffe14ff5aa8587f38a93e18b1038b227c7cce62bb5

SHA512
8309ef92db76892548d9d78d7235318c8f3534d6b9482f920ca5e6f57eac9f93e81da69134ac970d7f8bf61a613d7ce78078f6c47aad45a1a67bb42be39d95bc

Download Submit
\Users\Admin\AppData\Local\Temp\z.exe

Filesize
1.6MB

MD5
351922753f96cdb48d8dfc3fa51332a5

SHA1
c1a45196112a2c7262f178b0860adf3c1968e01e

SHA256
b0d56e8952f1a9a43089504730f31b7a240507a681126b51dba0d054c20a9bb5

SHA512
712c1e7cfd9911c9d16708fea2ce540da6f4e1e26ae62feb2ed497bbc726ad65b83715f0608ab0d154b55ecff286bd0577d1b6f612fa6f6b62665b097330ec1a

Download Submit
memory/2228-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-23-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2228-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2228-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2228-9-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2228-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2228-7-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2228-6-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2228-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2228-4-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2228-26-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2228-25-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2228-24-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2228-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-22-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2228-21-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2228-20-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2228-19-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2228-18-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2228-17-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2228-16-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2228-15-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2228-14-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2228-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2228-12-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2228-11-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/2228-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-27-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2228-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-1-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/2228-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-2-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2228-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-57-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2228-59-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2228-58-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2228-60-0x00000000002C0000-0x0000000000310000-memory.dmp

Filesize
320KB

Download
memory/2228-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2228-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2228-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-64-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2804-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2804-63-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2804-61-0x00000000005B0000-0x0000000000600000-memory.dmp

Filesize
320KB

Download
memory/2804-116-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download