c5daf84f93ea2bf15f6443037cacf2109cf7ac07b1cca9d8bfe3d54f7a5001e9

General

Target

95b5a931740d780c4af7bb33b0a33b2a.exe
Size

910KB
MD5

95b5a931740d780c4af7bb33b0a33b2a
SHA1

d6edbbc626b95b1fdd7a31e2de92f84a70336919
SHA256

c5daf84f93ea2bf15f6443037cacf2109cf7ac07b1cca9d8bfe3d54f7a5001e9
SHA512

6b1880900598795d0380521e7b846d3cfa0a2a7da9c3c8d1e0b66481323d065f10353d6395e06c40c541e79c9ba1a087f84cc4b49d420c59d8257960616e8bbe
SSDEEP

24576:pRGTwxXlaZ/pZLxIu7IT2Bv+ZcL45/oVPRsms2Jm:/GsxoJxIu7IT2ZTb1Rtsem

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	95b5a931740d780c4af7bb33b0a33b2a.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	95b5a931740d780c4af7bb33b0a33b2a.exe
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	95b5a931740d780c4af7bb33b0a33b2a.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe
1236	95b5a931740d780c4af7bb33b0a33b2a.exe

C:\Users\Admin\AppData\Local\Temp\95b5a931740d780c4af7bb33b0a33b2a.exe
"C:\Users\Admin\AppData\Local\Temp\95b5a931740d780c4af7bb33b0a33b2a.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_4\HtmlView.fne

Filesize
224KB

MD5
bb95f50bb5f2144bd8fa57e3dfc038ad

SHA1
62f55ca2eddb1978270010f3788427f6b3dc107c

SHA256
a6aed940c07783d91b78568901d79b108d0d13a6a92eab081fffdda798784972

SHA512
75ae009d1f9b9f24df17529c87d425850ba1750fe6d0d93aa619fba5b4ca89ab5c13927741e4df827fd3d47cb2a3fce08972c531468aa89bcb1bffe3fc2e51d5

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\TrayIcon.fne

Filesize
144KB

MD5
f8707fc7275dbd973e9a7f72682450de

SHA1
54f00c9fb0827a69b133757fd67a474a1b35e31a

SHA256
a154fa991b1b8c202ae19a02f8a5f5b57745e9c6d7061908973e2da7f069625a

SHA512
2ed18f1dfaf898acbb8c78476a72a9403b67b25b05f588378a5979bb1e546829842f17a6abdd35d6b22c7a62c61a6e285ccc3aad31e7a8ba1607b879cf1c42c2

Download Submit
\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr

Filesize
1.1MB

MD5
c99826e5901ad146870b4ea8c74c6979

SHA1
0bcb1393ecfacefb8ee3b6199526d9bbc51364c5

SHA256
03aff11e16d3346689e977733c0539a17a00a97ca29b1f38e54c6adc4fb5cd21

SHA512
b3f8991bd95c72837a8c39099cf4a142a1b546d247b1d53edc40943b9c9e98e0fea4c6730468a38c33fea54061244e6a9101c35416b7a8e3741166c81440622b

Download Submit
memory/1236-22-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/1236-10-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1236-21-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/1236-20-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1236-9-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1236-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1236-7-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1236-6-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1236-2-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1236-28-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1236-27-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/1236-26-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/1236-25-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/1236-24-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/1236-23-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/1236-1-0x00000000002F0000-0x000000000033B000-memory.dmp

Filesize
300KB

Download
memory/1236-11-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1236-19-0x0000000000450000-0x0000000000451000-memory.dmp

Filesize
4KB

Download
memory/1236-12-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1236-13-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1236-29-0x0000000002750000-0x0000000002850000-memory.dmp

Filesize
1024KB

Download
memory/1236-18-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/1236-17-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/1236-16-0x00000000004B0000-0x00000000004B1000-memory.dmp

Filesize
4KB

Download
memory/1236-15-0x0000000000490000-0x0000000000491000-memory.dmp

Filesize
4KB

Download
memory/1236-33-0x0000000002880000-0x00000000028B3000-memory.dmp

Filesize
204KB

Download
memory/1236-34-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1236-36-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1236-14-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/1236-38-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/1236-39-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download
memory/1236-40-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1236-42-0x00000000028F0000-0x000000000292B000-memory.dmp

Filesize
236KB

Download
memory/1236-0-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1236-74-0x0000000000400000-0x0000000000447000-memory.dmp

Filesize
284KB

Download
memory/1236-75-0x00000000002F0000-0x000000000033B000-memory.dmp

Filesize
300KB

Download

Analysis

Sharing