Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 14:33

General

  • Target

    8720d04c541e19359d9434e2a671f904.exe

  • Size

    415KB

  • MD5

    8720d04c541e19359d9434e2a671f904

  • SHA1

    516f1b100dc2fdd82b30e9dfa8297ffe6fbe6965

  • SHA256

    16149fe4aa159035e3421c31d632ba17ab018a9792d8d8ea283739fb94b14d28

  • SHA512

    d40749816a61772c20934a3518f177820e7b9849f19f3e5e57539b3c12edf70be4d232b1c14d5aeff9dcd52cd233314d44ad8fc2d5322cc6eb7d4fa2e62a7aeb

  • SSDEEP

    6144:yfmXV93ikswB7SJcog4mOy74036KkOeMK+xdGb2GxEf+SZ+wr9YFLiby64XlJot:CKFswL4Hy740qKjLEvSf+oYFLzHot

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8720d04c541e19359d9434e2a671f904.exe
    "C:\Users\Admin\AppData\Local\Temp\8720d04c541e19359d9434e2a671f904.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Windows\SysWOW64\regscan.exe
      C:\Windows\system32\regscan.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" üë^‹þW¬<Zt,AÀàŠØ¬,AêëìXÃèáÿÿÿILOMOIAJAAAAAAJAJAJAJAJAJAJAJAJAFOAPDBLJAIAAAAAAILNAFGIKMCCEAPAEEBIIAGEGMBOKAEOCPCMGAGAAFOILHNAEIDMHBFDDMAFGFHFAGKAEFAGKPPLILABGCFHGPPNAILNIIFMAHFBALIBAOACFHGPPNADNLHAAAAAAHELJOLEODDMAFHFAFAGIBPAAAPAAFDLIJAPFCFHGPPNAIFMAHEDALJAJAAAAAAIJAEAIIJFMAIAEOIBEAAAAAAILOMILHFAEILFOANPPHGAJLINAAFCGHGPPNAOLALIPEEAIAIILPIPMPDKEOLAKFDLIOACOCGHGPPNADDMAILOFMDZ
        3⤵
          PID:4128

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\regscan.exe

      Filesize

      344KB

      MD5

      84e058e004bb576ed24974ff989d8e3e

      SHA1

      4d293f9844798c54ad540e1b8f686aeab36915a6

      SHA256

      1277fcda40aed365ea166e09d23b4d40bc6fa5202a9750c63b4757f010986388

      SHA512

      54e0c50d474cb6c695c57947f2f623f04d97aece49a83bd2fec09072e83cb472cb99255e75707fa84bd36b4ee00b0b2209eb1389faec50ef7139cb9f087493bf

    • memory/3628-5-0x0000000000400000-0x00000000004C7000-memory.dmp

      Filesize

      796KB

    • memory/3628-7-0x0000000000400000-0x00000000004C7000-memory.dmp

      Filesize

      796KB

    • memory/4752-0-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB

    • memory/4752-6-0x0000000000400000-0x0000000000420000-memory.dmp

      Filesize

      128KB