8419906cd2df2dc0406be115fa13d1815469dd8a55dfb8962c6d2924b74551dc

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d01e623f6c8fe01f97b05317597bd1f.exe
Size

5.2MB
MD5

8d01e623f6c8fe01f97b05317597bd1f
SHA1

dcd1bc58c59b64852f115f350cbcf082f949733c
SHA256

8419906cd2df2dc0406be115fa13d1815469dd8a55dfb8962c6d2924b74551dc
SHA512

fa3f5ddcbbb91d5391e8c16c2114235e5fd4fe8b8baf6f72e22e57dd1160da28cb0b340d87769deb9eabd6a2986569a77b23f278bc2850776f915aad7dc15cb2
SSDEEP

49152:EQFRHrmQG+yrY+FrBQG+aBQG+9QG+yrnrmQG+yrkQG+ygBQG+aBQIrmQG+yrY+F9:EcKHzs24MzWHzsc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2620	xbhl.exe

Loads dropped DLL 2 IoCs

pid	Process
2132	8d01e623f6c8fe01f97b05317597bd1f.exe
2132	8d01e623f6c8fe01f97b05317597bd1f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	xbhl.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2620	xbhl.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2620	xbhl.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2620	xbhl.exe
2620	xbhl.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2620	2132	8d01e623f6c8fe01f97b05317597bd1f.exe	28
PID 2132 wrote to memory of 2620	2132	8d01e623f6c8fe01f97b05317597bd1f.exe	28
PID 2132 wrote to memory of 2620	2132	8d01e623f6c8fe01f97b05317597bd1f.exe	28
PID 2132 wrote to memory of 2620	2132	8d01e623f6c8fe01f97b05317597bd1f.exe	28

C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe
"C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\xbhl.exe
  C:\Users\Admin\AppData\Local\Temp\xbhl.exe -run C:\Users\Admin\AppData\Local\Temp\8d01e623f6c8fe01f97b05317597bd1f.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xbhl.exe

Filesize
461KB

MD5
b84c50f24e18ad2abcc9f5bc5bcba691

SHA1
577d351abea6c0d6ace764a989244f8a541f4e31

SHA256
7a698ca4daa76cb5ef86afcea318166a242d2890d787597ed25ab02928b83387

SHA512
3ed329eeac15258c6bc9deef1d6cc767767265f973061380e73ffc0c153d9da07362a057914e9ea6c82f6fb7a951a679021da7eb76423dfcf9ab1f668dfd4569

Download Submit
C:\Users\Admin\AppData\Local\Temp\xbhl.exe

Filesize
155KB

MD5
4480a46b6e65dea177de428af0b9e0ba

SHA1
c8e25009dd1497c257fff67eaa1bbd4f89aebc18

SHA256
8b2953486de1a520248523431cac72362f366ccf69d956af04e9872e8f67f999

SHA512
4bd47e0564ee9f5d9d806c1ecdc84290561c60926f301a43378681b18ec38fe88e3ae55c906ab1902c70ba9bb13c908dec8535b21f2ac2d269fb33c0382a0fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\xbhl.exe

Filesize
107KB

MD5
a41d17ad3702ecd5ed702ea44d689c6d

SHA1
8fad3cd4b4c03f474c23511b33729dda1db71b18

SHA256
aaef9dd767c44dcf547bdfc2e4a08744eef62ec2e5d78ff697d40cc8f3c0f0c7

SHA512
9cf67c07c7aa675ecf6e8f7fcccfd931ecabb5a72bcae8eccf9a12601aeeb7e64e9d0657afb718c4935c2f1571adcbc005449f1247cdb74653d0afb04ab6a981

Download Submit
\Users\Admin\AppData\Local\Temp\xbhl.exe

Filesize
443KB

MD5
65594dbcc354894714ba9fd66c1e8c26

SHA1
b10627e54c553e40a1df8aaa2a383615ed2c692b

SHA256
ff93987c5bf3376e4daea18acbd2882bebf99054c817c4ad90e15b8d6491cfff

SHA512
bf4a37fbcd338a2ae7b5f3335339b44567bd234ae42f78e9ba7418766d0fa13613373c20bb0ad4b94fb07172e9fee9b59d4e1303c007075520c1091cf7128ca0

Download Submit
\Users\Admin\AppData\Local\Temp\xbhl.exe

Filesize
477KB

MD5
f1e8063c561bb1262776f5122460eebe

SHA1
2e42ea47d6165cc7ea47c0c7b38fc5c3fd92e53d

SHA256
20aa3efeb77c057fb8baad01a6f1dc92a6ebcd559515461c0b467f637228e70c

SHA512
bed5656b347b3464c817fe807ca80c9138d961d82b879cc5cfdd11fa36a06c6c3d5f13df05d92408d304f9a706c44dc0923834900fec14e2e4f9c75ddd2b0dfd

Download Submit
memory/2132-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-25-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/2132-24-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2132-23-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/2132-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2132-22-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/2132-21-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2132-20-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2132-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-19-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2132-18-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2132-17-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2132-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2132-15-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2132-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2132-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2132-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2132-10-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2132-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2132-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2132-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2132-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-7-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2132-26-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/2132-27-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/2132-5-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2132-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2132-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2132-52-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2132-53-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2132-62-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2132-63-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2132-65-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2132-64-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2132-61-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2132-3-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2132-4-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2132-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2132-1-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2132-2-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2620-69-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/2620-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2620-68-0x0000000002310000-0x0000000002316000-memory.dmp

Filesize
24KB

Download
memory/2620-67-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2620-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2620-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2620-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2620-118-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download