e02b2cb10b18c83bb26504243ee3f59dc687f4b3cfa044a5365d037712b6bfda

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e0d7a0a941bdb1fddee56abbf8b8c88.exe
Size

48KB
MD5

7e0d7a0a941bdb1fddee56abbf8b8c88
SHA1

ea11e45201e0653955f2473ca2ab6cf72d4f5c5e
SHA256

e02b2cb10b18c83bb26504243ee3f59dc687f4b3cfa044a5365d037712b6bfda
SHA512

69dc02947ad6ba3c9f9f93617f90c40f62b4f37c2c90b894b5cd5417fe893fe883e1048ff740b13756a5f5efc3832ecadfbc63777f9052e1daef7fe85ca6b3c1
SSDEEP

768:dqJrowU3PkBvUPQO/C6EB9qMq0Eq2rXS3Hy1v6VT:XmXoYHy1vY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2788	cmd.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	7e0d7a0a941bdb1fddee56abbf8b8c88.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe
1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe
1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1520 wrote to memory of 2788	1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe	29
PID 1520 wrote to memory of 2788	1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe	29
PID 1520 wrote to memory of 2788	1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe	29
PID 1520 wrote to memory of 2788	1520	7e0d7a0a941bdb1fddee56abbf8b8c88.exe	29

C:\Users\Admin\AppData\Local\Temp\7e0d7a0a941bdb1fddee56abbf8b8c88.exe
"C:\Users\Admin\AppData\Local\Temp\7e0d7a0a941bdb1fddee56abbf8b8c88.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\u7s5z108.bat""
  2⤵
  - Deletes itself
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\u7s5z108.bat

Filesize
190B

MD5
6b06e73c700827102f8c0a8167485171

SHA1
f81c49bbcfd894fa8c50749df439b85d7f248765

SHA256
69cfa387039dde379179da8e67024269f7ece80685e035a40c5ac278a55f737e

SHA512
236ca4d1026160a5d1df57d4fae98af65de6d54ad8d3777cde2056d19350f219cce44ae90ca55bc572563cc95f88393e5d079727f25d60f59b0c3fe8889d45f8

Download Submit
memory/1520-2-0x0000000004850000-0x00000000058B2000-memory.dmp

Filesize
16.4MB

Download