ab20196e7d8a2bc80f7182c73ce3980dab5c2f5676d7d4c0b6aa448d92afc722

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 03:17

Target

985745f1d105234f422554ea8554f2ed.exe
Size

1.3MB
MD5

985745f1d105234f422554ea8554f2ed
SHA1

e0dc43f62890f0c17390fdaa260f60055ba4452a
SHA256

ab20196e7d8a2bc80f7182c73ce3980dab5c2f5676d7d4c0b6aa448d92afc722
SHA512

3a99131e7ea70e243ba0cda7cead4d6726f7481d71da4bb4335ffbb902f9d1bfad1896d5475e47c767dbb8373311e5ca90d954ff568244b68102148beb318d19
SSDEEP

24576:EfHhvKfiF1N8OPXx33OpfPFmcyou2c6udcKOnEp222222222222222222222222o:hiHNZZ3+pfPFmc/c6zHnEp222222222D

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

Modify Registry

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	985745f1d105234f422554ea8554f2ed.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	985745f1d105234f422554ea8554f2ed.exe
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	985745f1d105234f422554ea8554f2ed.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2536	985745f1d105234f422554ea8554f2ed.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2536	985745f1d105234f422554ea8554f2ed.exe
2536	985745f1d105234f422554ea8554f2ed.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
9KB

MD5
f7c3f6b0d8ae4b8181daa933cba27598

SHA1
ad734fb4b5d9cc7e550e6d497f84d88e48c76020

SHA256
e4b4d5c0b653f2ee61bca5532a4954ea80246a89bd315ab54ce863a33ec22cb0

SHA512
4dc5d1c5c82ce14ade0a51fca40a679a5ecfdc26770de144821538463dbfe8d58ead8f13cf9323295d5e1d12298fdd4ca922223ef081431760fc4eb6bc2e81c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
113KB

MD5
ad28b33f77e81415ffce95ddcac69dc3

SHA1
9a725e0c758cad5bccc8cc8073b92e6b04c7a5e6

SHA256
9f07edd7fa2ba1f661217f48d10357612965394154572b103affeb3ea683ecea

SHA512
ac42ab5dae9a9d15e7525f7b04f28ee952ec5061c9dff5f6d9540e864ce188e5fac6b6f83eb9e9a3bf000af5c3be56aa3ec8e77a58502fb02722fd552b141f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
memory/2536-0-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/2536-1-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2536-72-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download