069eb7691784b753ab312e610a785ccfddc61cb6b5327e4338d1159b1960cbaa

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DubaTool_MSNFunny.exe
Size

109KB
MD5

b118b81e55041523bf64bd6bb30b9b8d
SHA1

8599c9e5d787b48a5e5601b2d4c33dd2335589b9
SHA256

5bd7103c78ed414a4db7c1a34cd15823a2e09d859b369d7e5cb34af757e0befe
SHA512

55d9163c1172f730127833da1356f0fec13740ae9bd1dbf926c0b703bcb6f5042e3a73d1c547806e284f696cf1593b01138a3e54f7fd7e470cf38139d8fc7bd4
SSDEEP

1536:NVuYFeWCFJqrlyUR5FanTzGTUMZaASBE3cCoPRgZiSYf7nCsMGzdPJ1xA:irMsTzGTc/S3cCoRgYSYDnOEj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	DubaTool_MSNFunny.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	DubaTool_MSNFunny.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	DubaTool_MSNFunny.exe
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Software\Microsoft\Internet Explorer\IESettingSync	DubaTool_MSNFunny.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	DubaTool_MSNFunny.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4804	DubaTool_MSNFunny.exe
4804	DubaTool_MSNFunny.exe
4804	DubaTool_MSNFunny.exe
4804	DubaTool_MSNFunny.exe
4804	DubaTool_MSNFunny.exe

C:\Users\Admin\AppData\Local\Temp\DubaTool_MSNFunny.exe
"C:\Users\Admin\AppData\Local\Temp\DubaTool_MSNFunny.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\default.htm

Filesize
621B

MD5
3d2c6b7251bfbb6a716c7e5c6dc3887e

SHA1
a92242fcca9a01cf02ecb232c00ca8d2b8ce8bb3

SHA256
980b5ba2a8f382990b86e5a81ea91ce19c172f7bf1bc4ca660ed6d803641885e

SHA512
8480c0c30ae3e28f821a0a0880ab3da736f17b4017703775d7c881664fec5395f8b413668795fb32fdd7484d515c052896cbd918a120b2cec62c39014f1e9b25

Download Submit
memory/4804-0-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download
memory/4804-10-0x0000000000400000-0x00000000004F3000-memory.dmp

Filesize
972KB

Download