61c9df97d8de061bccc8173368d5ad752d32ecd219cb78eafa830c1338212e7e

Analysis

max time kernel
141s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cf6a5827a95d7e14be7b0bdc0bec1ec.exe
Size

7.2MB
MD5

8cf6a5827a95d7e14be7b0bdc0bec1ec
SHA1

1ea014ed096dcf31e3bb6a9cfbea8c593f3134c1
SHA256

61c9df97d8de061bccc8173368d5ad752d32ecd219cb78eafa830c1338212e7e
SHA512

74f2da0ad7e0213180c690ad5beb25d3211c7ab7667ad36d986ceaddfb68f0a9b00ff5839a3ae7bb7f313a728b2082a95ddc40ffd8f206702b21e1202985fc9a
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrvrTrmrcrvrTrzr/rFrvrTrmrcrvrTrzr/R:EcKO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2888	p.exe

Loads dropped DLL 2 IoCs

pid	Process
2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe
2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	p.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2888	p.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2888	p.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2888	p.exe
2888	p.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2888	2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe	17
PID 2316 wrote to memory of 2888	2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe	17
PID 2316 wrote to memory of 2888	2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe	17
PID 2316 wrote to memory of 2888	2316	8cf6a5827a95d7e14be7b0bdc0bec1ec.exe	17

C:\Users\Admin\AppData\Local\Temp\8cf6a5827a95d7e14be7b0bdc0bec1ec.exe
"C:\Users\Admin\AppData\Local\Temp\8cf6a5827a95d7e14be7b0bdc0bec1ec.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\p.exe
  C:\Users\Admin\AppData\Local\Temp\p.exe -run C:\Users\Admin\AppData\Local\Temp\8cf6a5827a95d7e14be7b0bdc0bec1ec.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\p.exe

Filesize
303KB

MD5
bca2ec90d9de9346dceb4bad58770191

SHA1
0c94f646d84d52a624842494b03b387995a4818f

SHA256
6daa8e8422799c8788b145d7a7919c98101c1281a70f9b31b077e12a26b632d0

SHA512
eb8bcf040142e159c85f140e4bd4252d8c8d68a8cfc9b673eec5a347176cbe2cd1e1b106c547139c04b0c38441477d3edf83919fe51eafdf2000feec6c8acb44

Download Submit
C:\Users\Admin\AppData\Local\Temp\p.exe

Filesize
165KB

MD5
baef188ae0ccfc86596f4961af1b0da4

SHA1
30722d5f3dae65b949abd1bb8764dda24b6bf55e

SHA256
14c3e3b97df4380d01ec648c14b9dcba165feb41305f72ae4ab7eaeb491edd82

SHA512
67bad622c56b3098cb59e3dd1e331508f29bab9f049022b32f394499c8291544a21641fb4c7c000802253c2b6d4ff1f6e634579d569849ccdf089ae1d16c6759

Download Submit
C:\Users\Admin\AppData\Local\Temp\p.exe

Filesize
123KB

MD5
b77f0ada4b5c75b1551375cb923df35c

SHA1
0907f90e08544ae3c65c4b9761996c07479ff9d2

SHA256
9f18ec0ce69ffc6fc5c1aeb0cf99fd62274f4f8e4d0a345b8fe30ffa8dfadc6e

SHA512
1ce2b5d3efbc2f32018e276fdf47edf090c77f957c1d5a8cb72ffc57bc3ee15a0ac3d81c0796e338eb2d48ee5af695932a4c9ef090f79d33284c6b4a65194404

Download Submit
\Users\Admin\AppData\Local\Temp\p.exe

Filesize
168KB

MD5
2a80b8e38086283a47be8dfcf294f44a

SHA1
4f9ca7be91ef2ebc0dac06b6ba32f8dc897f6983

SHA256
5876aea22fa986d6d598db74ba96735e49f380ba0fee7b1f1476ffea6db15976

SHA512
b51cfd45f431fc043d67a1a1deb6de429bebe79af42ae96d3d1147793eccebda8f08638e3c2121ff1360ef9aed9e35513b6afa0657d170fa0b603250c61aec0a

Download Submit
\Users\Admin\AppData\Local\Temp\p.exe

Filesize
170KB

MD5
76a41671b0b50b7632c00c74bcb004ab

SHA1
c23ad0e313bc333f9a2793bb6f27031a931f4f01

SHA256
3c246a0f62d88c427486716806161b84eec4b330b6d6a915c2187725e0a6ff04

SHA512
d125c3439937ec32c7243ef26ddc3303e4814218f030f66367cb394893da759e57febd39563e00855b8f435a05d491ee7b008766b35b023c50d0ad48784f2bec

Download Submit
memory/2316-10-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2316-15-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2316-38-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2316-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2316-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2316-2-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2316-28-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2316-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2316-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2316-5-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2316-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2316-7-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2316-1-0x0000000000280000-0x00000000002D0000-memory.dmp

Filesize
320KB

Download
memory/2316-8-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2316-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2316-40-0x0000000000280000-0x00000000002D0000-memory.dmp

Filesize
320KB

Download
memory/2316-14-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2316-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2316-16-0x0000000001D80000-0x0000000001D81000-memory.dmp

Filesize
4KB

Download
memory/2316-17-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2316-18-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2316-19-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/2316-20-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

Filesize
4KB

Download
memory/2316-21-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2316-22-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2316-23-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2316-24-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2316-25-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2316-26-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2316-27-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2316-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2316-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2316-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2316-12-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

Filesize
4KB

Download
memory/2316-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2888-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-45-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2888-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-70-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2888-72-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2888-73-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2888-71-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2888-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2888-44-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/2888-92-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download