Analysis
max time kernel: 144s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-02-2024 20:26
Static task
static1
Behavioral task
behavioral1
Sample
901321dadf4d00ed5282b3796ab2c326.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
901321dadf4d00ed5282b3796ab2c326.exe
Resource
win10v2004-20231215-en
General
-
Target
901321dadf4d00ed5282b3796ab2c326.exe
-
Size
12KB
-
MD5
901321dadf4d00ed5282b3796ab2c326
-
SHA1
18dc4feb90b697e2df6b13fbfea571850b492a41
-
SHA256
2310eda897904c3851c4ea99e3735f5d17b14152d46697c25d8336f9e895c604
-
SHA512
daf23682b68d959d4f534b0e1fa632c298dfb95202d04ed247288f821aebc37dbea03fe12b50a3923634b5633ed89c3e740568cc3fe5617b98903be06851f3e6
-
SSDEEP
192:XGL90b09HMyoAXdhTTadmJvRg8AZEPcEnSsEyncjWOL2edSgRLB/e/r:X+90A9HMyoAXbadmlm8AZE/nnn8jir
Malware Config
Signatures
-
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2696 | 316 | WerFault.exe | 84
-
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main | 901321dadf4d00ed5282b3796ab2c326.exe
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.master69.biz?1160" | 901321dadf4d00ed5282b3796ab2c326.exe
-
Suspicious behavior: LoadsDriver 6 IoCs
pid | Process
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
4 | Process not Found
660 | Process not Found
Processes
-
C:\Users\Admin\AppData\Local\Temp\901321dadf4d00ed5282b3796ab2c326.exe
"C:\Users\Admin\AppData\Local\Temp\901321dadf4d00ed5282b3796ab2c326.exe"
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
PID:316
-
  C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 916
  - Program crash
  PID:2696
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 200 -p 316 -ip 316
PID:5048
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
174B