2e73d0cf56f6b36bee161bb3a17edeb3ad389fb6b8eaa9cf1ce074e5b0e970c3

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2024 11:11

Target

7fb141fb233a9100064b77d7f23b190e.exe
Size

282KB
MD5

7fb141fb233a9100064b77d7f23b190e
SHA1

997603c51b7278975951ba0886c60252251d9366
SHA256

2e73d0cf56f6b36bee161bb3a17edeb3ad389fb6b8eaa9cf1ce074e5b0e970c3
SHA512

925ae4cc49c67329d1cfd32c12a34d19ffa34e796def81fb50b2dea6ace8ee3472c886eed04d47fcad138452af06f832ded7c63526ddcd050128d46b204de55a
SSDEEP

6144:EfyvEJCGqAlLeDcmE798Mj4HWdCB9AF4za2kaADxv9poljBn:+8AhVmEx8RHWdCJYaADxvfABn

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3248	Happy

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Happy	7fb141fb233a9100064b77d7f23b190e.exe
File opened for modification	C:\Program Files (x86)\Happy	7fb141fb233a9100064b77d7f23b190e.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\DELME.BAT	7fb141fb233a9100064b77d7f23b190e.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	Happy
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	Happy
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	Happy
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	Happy
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	Happy

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1596	7fb141fb233a9100064b77d7f23b190e.exe
Token: SeDebugPrivilege	3248	Happy

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3248	Happy

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 2584	1596	7fb141fb233a9100064b77d7f23b190e.exe	86
PID 1596 wrote to memory of 2584	1596	7fb141fb233a9100064b77d7f23b190e.exe	86
PID 1596 wrote to memory of 2584	1596	7fb141fb233a9100064b77d7f23b190e.exe	86
PID 3248 wrote to memory of 3048	3248	Happy	85
PID 3248 wrote to memory of 3048	3248	Happy	85

C:\Users\Admin\AppData\Local\Temp\7fb141fb233a9100064b77d7f23b190e.exe
"C:\Users\Admin\AppData\Local\Temp\7fb141fb233a9100064b77d7f23b190e.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1596
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\DELME.BAT
  2⤵
  PID:2584

C:\Program Files (x86)\Happy
"C:\Program Files (x86)\Happy"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:3048

C:\Program Files (x86)\Happy

Filesize
282KB

MD5
7fb141fb233a9100064b77d7f23b190e

SHA1
997603c51b7278975951ba0886c60252251d9366

SHA256
2e73d0cf56f6b36bee161bb3a17edeb3ad389fb6b8eaa9cf1ce074e5b0e970c3

SHA512
925ae4cc49c67329d1cfd32c12a34d19ffa34e796def81fb50b2dea6ace8ee3472c886eed04d47fcad138452af06f832ded7c63526ddcd050128d46b204de55a

Download Submit
C:\Windows\DELME.BAT

Filesize
190B

MD5
9e833095a50dc72ac7757a62c1e6593d

SHA1
35e8fe604f90574f3c148100a9fde9bd0a397a4e

SHA256
4f9bc5f669d4956d21242f943fdde54c7098de855c4cb2f85cc2786a43e29748

SHA512
d28e38fd47b7b6f0273e975c0b3e6365a0efb0769063d031e40a7973d2e88b73a9eb4752025424439c110e6c33b404b82f24526f200f1c005fa7d2caeb05008b

Download Submit
memory/1596-0-0x0000000000400000-0x000000000050D92C-memory.dmp

Filesize
1.1MB

Download
memory/1596-1-0x0000000000400000-0x000000000050D92C-memory.dmp

Filesize
1.1MB

Download
memory/1596-2-0x00000000022C0000-0x00000000022C1000-memory.dmp

Filesize
4KB

Download
memory/1596-10-0x0000000000400000-0x000000000050D92C-memory.dmp

Filesize
1.1MB

Download
memory/3248-8-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/3248-12-0x0000000000400000-0x000000000050D92C-memory.dmp

Filesize
1.1MB

Download
memory/3248-14-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download