4642428a97735be8232efcb4f673c955a1eac65290987f28810d045a94f3b67e

Analysis

max time kernel
124s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 09:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96c6eadca7e2d7b618f5dd924b37fe0a.exe
Size

304KB
MD5

96c6eadca7e2d7b618f5dd924b37fe0a
SHA1

6648a7b39466892f58dd10462bf06e5a83484ae2
SHA256

4642428a97735be8232efcb4f673c955a1eac65290987f28810d045a94f3b67e
SHA512

2ff3dbe35b553c6d34b0c40f9bd5f00a27977859995cd7205f5082d7c719faca88c6ea97d3c7df0c9b684a1898491036597219ee7aba3dead94f946b97a891bb
SSDEEP

6144:a8hg7V2//I/LOpqLV5HxY3R5n62+kxiO/bE:aCkVg/I68V5HxY3b6V+iO

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\system32\drivers\etc\service5.ini	96c6eadca7e2d7b618f5dd924b37fe0a.exe

Loads dropped DLL 3 IoCs

pid	Process
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\RCXC41A.tmp	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File opened for modification	C:\Program Files\Windows NT\sms_log.txt	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.txt	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File opened for modification	C:\Program Files\Windows NT\service6.ini	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	96c6eadca7e2d7b618f5dd924b37fe0a.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\temp.txt	96c6eadca7e2d7b618f5dd924b37fe0a.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	96c6eadca7e2d7b618f5dd924b37fe0a.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe
2212	96c6eadca7e2d7b618f5dd924b37fe0a.exe

C:\Users\Admin\AppData\Local\Temp\96c6eadca7e2d7b618f5dd924b37fe0a.exe
"C:\Users\Admin\AppData\Local\Temp\96c6eadca7e2d7b618f5dd924b37fe0a.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe

Filesize
308KB

MD5
33e6d54df6223c195072ed139881fdb8

SHA1
1b4ca928713ab45a78c2ba989cad31e39bb581bf

SHA256
60ed8e339c5b30ead1ed1b1fae6b5549a3ec43e73c016013f3fdfc7a125756c5

SHA512
09b0ca0fd5f45c714d1893e9b4bea197b2bf3ecfc8f556274f689e6b044a36aaef521fe3f14b593aeb38e387a41e7804958a3721f15348fd0c970702fbcd3788

Download Submit
\Program Files (x86)\Microsoft Office\Office14\iaanotif.exe

Filesize
89KB

MD5
901aa7a38ce13f14b6bbec38c0595698

SHA1
6abd81a46557f72680eb9e5fc74223b8c9c32088

SHA256
1e95f2048e2a1782807d52e9816ed267355718e24d01ff07ace73d965ede388a

SHA512
34bb4f656423021873363ec8dd1908fd1d01017e607ff8bc79fea3176ffb18f3281dcf21f7bedcd96c4ddbcff70bb2943435a18e31ddfb6f6c5bd226bf901672

Download Submit