a65c40200fbb60a7b8aff743b5dc7c53684b0af90a071547e4ac6b525d02dff3

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98b81cbae65f05785b0781dc2f97ae81.exe
Size

14.9MB
MD5

98b81cbae65f05785b0781dc2f97ae81
SHA1

1b2dbc53d1e3a2a4eac60c2599ae2a317475cea7
SHA256

a65c40200fbb60a7b8aff743b5dc7c53684b0af90a071547e4ac6b525d02dff3
SHA512

27f881d73c77797e9f4f145b6f77bafca3dad35a66a0c01030757f7b29c354bd6c2b6eca2af84525f45012772b23af0c0e6b94a5db39cec53e10a215ccac33ff
SSDEEP

98304:EcKlLl8lknlyL5YL5cly3+knlyL5YL5clt5cly3+knlyLH+knly1:Eg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2864	w.exe

Loads dropped DLL 2 IoCs

pid	Process
928	98b81cbae65f05785b0781dc2f97ae81.exe
928	98b81cbae65f05785b0781dc2f97ae81.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	w.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2864	w.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2864	w.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2864	w.exe
2864	w.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 2864	928	98b81cbae65f05785b0781dc2f97ae81.exe	28
PID 928 wrote to memory of 2864	928	98b81cbae65f05785b0781dc2f97ae81.exe	28
PID 928 wrote to memory of 2864	928	98b81cbae65f05785b0781dc2f97ae81.exe	28
PID 928 wrote to memory of 2864	928	98b81cbae65f05785b0781dc2f97ae81.exe	28

C:\Users\Admin\AppData\Local\Temp\98b81cbae65f05785b0781dc2f97ae81.exe
"C:\Users\Admin\AppData\Local\Temp\98b81cbae65f05785b0781dc2f97ae81.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:928
- C:\Users\Admin\AppData\Local\Temp\w.exe
  C:\Users\Admin\AppData\Local\Temp\w.exe -run C:\Users\Admin\AppData\Local\Temp\98b81cbae65f05785b0781dc2f97ae81.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\w.exe

Filesize
479KB

MD5
4ae0aff9c39e263764739610ec26120d

SHA1
37a9d2887d3ab7a180b7b5b29a59bb0096993a3c

SHA256
71ebea2bb67a66c7e483c1ace7360b21dd5d81dbd55f7ebafec4c866f9ef79d2

SHA512
68e42f7b55298cc5111faba8dfa1cc55f47922024be276b57589612487c5f8eff84b9c9e62cb11eb74037c07e73b540a5b927f487ca32a58fc48e3a8e7e64f35

Download Submit
C:\Users\Admin\AppData\Local\Temp\w.exe

Filesize
474KB

MD5
f0e1775ca19b81efec292f134b203918

SHA1
9f7bcd90144e6483a656f35681e0d26b3dfcdc17

SHA256
4c874e6d1a9235a472748ddc9c31bf3cb5ce12e7f080b31dae012df957530336

SHA512
f4d860e2982333d9f8103f0f8cb6caab4304f80d2987e085de5ef6aabd838dd0e64bf5fee41c3af46ea839bb58d677f17b4e3356adc3430571d426b502792b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\w.exe

Filesize
252KB

MD5
8ba7c2cfc0a58e614f5843f48f65df2b

SHA1
b8d2a05b4916859e43921fd5d3e08be01a08376c

SHA256
4fd135ba4ee83abb21b9fc8b95afcb03cd5d0f993a25d65448c66781d67305b4

SHA512
3f4790539577ee772284be7b596a025c8872bbeca724e1f1daafe1af50d4c976f19571d433366ddc16897fa8e175f463dbf15f90f4fb5f3b9d9bdd88f3c4f01e

Download Submit
\Users\Admin\AppData\Local\Temp\w.exe

Filesize
3.5MB

MD5
0fa5db97a408da4807b3df2a35a02460

SHA1
e66b132a6eb27cbfef8a5c609d124bdad6618f4b

SHA256
ae91843573f47f86f7c09ad2aaa09e674a23dc672aa13eea3c3e975c7cd8ac85

SHA512
1543d75c2ceeb168702e0c3a5e8186cf67e056ce9831928d4d210b3ad8d48e6e70d8746af38548dbef36a6b606330b6912395b6648d51ecf7910592c26e1d301

Download Submit
\Users\Admin\AppData\Local\Temp\w.exe

Filesize
413KB

MD5
9c13f5051525ee096d4d0df9f35805d9

SHA1
3b4638995eef9d032f491d8de4f82111a58f559a

SHA256
9d861012eda9b1586864bff415f470976d3828abae38d51119ca8d8765bf4e81

SHA512
5efa9b39f0ab9773df33d065afd72351b1c77de64ae9b95a3bfff8737996ccc9cfe6ae1f9d219725504c32f6a44018276040392e4ec53ec339721e62b1701300

Download Submit
memory/928-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-19-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/928-7-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/928-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/928-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/928-10-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/928-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/928-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/928-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/928-16-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/928-15-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/928-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/928-18-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/928-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-20-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/928-21-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/928-22-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/928-23-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/928-24-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/928-25-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/928-26-0x0000000001F20000-0x0000000001F21000-memory.dmp

Filesize
4KB

Download
memory/928-27-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/928-28-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/928-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/928-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/928-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/928-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-55-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/928-5-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/928-65-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/928-4-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/928-66-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/928-2-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/928-59-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/928-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-3-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/928-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-56-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/928-1-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/928-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/928-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2864-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2864-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2864-69-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2864-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2864-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2864-68-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2864-132-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download