eda36078e21f3f5788badb1e26dfd07f775becfc8c16a4ae4eda88be25f746d1

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 11:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f1535281df97440df99312fd9ddefbe.exe
Size

4.9MB
MD5

8f1535281df97440df99312fd9ddefbe
SHA1

87aadf12e680a2fdc2484e0ff6a7e0c16a82db29
SHA256

eda36078e21f3f5788badb1e26dfd07f775becfc8c16a4ae4eda88be25f746d1
SHA512

db199f76dd9a0f494a2909c09914d66698eb2d99e790627ca34a0545730d4edf77fdabe316655927bea48be06bdced186350ac7efcfc9c4b5e47972c87d7457f
SSDEEP

49152:EQFRHrmQG+yGwmQG+yG3QG+eQG+yGwRG3QG+eQG++3QG+uWrmQG+yGw9www+:EcKo0h8hdTd

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2728	ivago.exe

Loads dropped DLL 2 IoCs

pid	Process
1216	8f1535281df97440df99312fd9ddefbe.exe
1216	8f1535281df97440df99312fd9ddefbe.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	ivago.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2728	ivago.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2728	ivago.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2728	ivago.exe
2728	ivago.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2728	1216	8f1535281df97440df99312fd9ddefbe.exe	28
PID 1216 wrote to memory of 2728	1216	8f1535281df97440df99312fd9ddefbe.exe	28
PID 1216 wrote to memory of 2728	1216	8f1535281df97440df99312fd9ddefbe.exe	28
PID 1216 wrote to memory of 2728	1216	8f1535281df97440df99312fd9ddefbe.exe	28

C:\Users\Admin\AppData\Local\Temp\8f1535281df97440df99312fd9ddefbe.exe
"C:\Users\Admin\AppData\Local\Temp\8f1535281df97440df99312fd9ddefbe.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Users\Admin\AppData\Local\Temp\ivago.exe
  C:\Users\Admin\AppData\Local\Temp\ivago.exe -run C:\Users\Admin\AppData\Local\Temp\8f1535281df97440df99312fd9ddefbe.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ivago.exe

Filesize
704KB

MD5
37e265670819a61d5d2cadaeeac5c738

SHA1
1b19cc4ec72026443c77b21fff94b358fb156b55

SHA256
2477369da205bc1d780488f1b0a0486403ec8eb7241cc51b7c3215c85049043d

SHA512
40bf4aa2d2d18170fb3ae71eb12c53fd223c35eaac600ec1e08b7213edef1c70c5052d4499b4209d03c6d4205975dc4b7c6966bbb945926370bb1af5e914b135

Download Submit
C:\Users\Admin\AppData\Local\Temp\ivago.exe

Filesize
1.6MB

MD5
52f872c36cea1a6db80681427fdb2107

SHA1
54a35362eb4cc5f20e23648c7db2dbea8131f663

SHA256
57a5b3fd62ba1e0ca4202b84440de8808015c435a5b3c8d0de398105a2b971f7

SHA512
7dba958d9b1fad4ffc140887dd47f2b1ca76f455c3c89927196383a20f4de39201142f5a91c539aa44c5035680ec76bccfd24f9bf9a4428bf797abc83912a5fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ivago.exe

Filesize
2.1MB

MD5
bccd56467c31ab97c3243def4bec27ca

SHA1
fa9e66a7a947d602b1bf6ff1f2699c6310361afc

SHA256
56f171e136963a0b06c6d868d1f76200f6d416217d6f9bc48b1117a4ead503b5

SHA512
5ac7ddfb6a9d11f1f2d4d1b0fa747f9e310b46ad079f44dc365aa79e76eaf987a326496bf9e41a06c818496d2bd4b5db1bd0dcaec4a60c6f08a1d717240fe7c9

Download Submit
\Users\Admin\AppData\Local\Temp\ivago.exe

Filesize
2.7MB

MD5
08c6be18c24987d17e1c66b937697ae9

SHA1
c0281ec0ca63f4837172960a25462589f509893e

SHA256
1ee7fb14e2d5df25f55a22bdc60e325bdac1956b8989dc01e639b8741a60181f

SHA512
0e6099d93148962a1b4f4ce6e6f07adbeba78619fc7c408f5941d1d1a263c965462de206a329c37c9877bf3cc0ea71fd7ec48bfe8672356ec5e6969451098510

Download Submit
\Users\Admin\AppData\Local\Temp\ivago.exe

Filesize
1.1MB

MD5
abc70bd855acd22aa4d3574505a91bb5

SHA1
b2b5aeac41b201d7874c255f2098de1484ad9add

SHA256
b37cda752cee0b4e4de2c000fdcf5cf4dca6d60a0d5a7930692b4e7fae5ac0e9

SHA512
cb286cbd69fe970e51761e0c1f65d6a8e8a124a10986b9c5c90664f6fc9858350b373a7ffe256c41c25d45dfb3637e535506102209b4efabeb3f725ee67babe0

Download Submit
memory/1216-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1216-10-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1216-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1216-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1216-8-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1216-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1216-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1216-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1216-27-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/1216-26-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1216-25-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/1216-24-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1216-23-0x0000000000610000-0x0000000000611000-memory.dmp

Filesize
4KB

Download
memory/1216-22-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1216-21-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1216-20-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1216-19-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1216-18-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1216-17-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1216-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1216-15-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1216-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1216-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1216-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1216-2-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1216-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1216-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1216-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-5-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1216-1-0x0000000000310000-0x0000000000360000-memory.dmp

Filesize
320KB

Download
memory/1216-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-47-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1216-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1216-49-0x0000000000310000-0x0000000000360000-memory.dmp

Filesize
320KB

Download
memory/1216-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-54-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2728-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-53-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/2728-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2728-229-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download