6acc3720054f0d05896c8817d347b77f3281f4eb582ae1460080c876d72131ec

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 15:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a22b2dd3927eadb583bc2f1695a1e78e.exe
Size

1.7MB
MD5

a22b2dd3927eadb583bc2f1695a1e78e
SHA1

c0dedf827777c35ce4d0c79f2221e7faa82f6d0a
SHA256

6acc3720054f0d05896c8817d347b77f3281f4eb582ae1460080c876d72131ec
SHA512

a0acabc47a0ecd1bb92cb39051f3b3719403683bef28400ac2ee9dc30cb7d91f8919101c9f415522cb19257e99a223dcf3815cf9c24bb47ff3c59f3af1ba6694
SSDEEP

49152:WHTJ3orxo61Ay6rQmCUEzaWUWFATEJNpB3XpgEgb:WHTR2e61wrwXzaxoHpB3XpRgb

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\drivers\hz.dat	a22b2dd3927eadb583bc2f1695a1e78e.exe
File opened for modification	C:\WINDOWS\system32\drivers\etc\hosts	a22b2dd3927eadb583bc2f1695a1e78e.exe
File created	C:\WINDOWS\SysWOW64\drivers\set.ini	a22b2dd3927eadb583bc2f1695a1e78e.exe

Loads dropped DLL 8 IoCs

pid	Process
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\WINDOWS\SysWOW64\config\softwarea.log	a22b2dd3927eadb583bc2f1695a1e78e.exe
File created	C:\Windows\SysWOW64\1.mp3	a22b2dd3927eadb583bc2f1695a1e78e.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000\Software\Microsoft\Internet Explorer\Main	a22b2dd3927eadb583bc2f1695a1e78e.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe

Suspicious use of SetWindowsHookEx 56 IoCs

pid	Process
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe
2292	a22b2dd3927eadb583bc2f1695a1e78e.exe

C:\Users\Admin\AppData\Local\Temp\a22b2dd3927eadb583bc2f1695a1e78e.exe
"C:\Users\Admin\AppData\Local\Temp\a22b2dd3927eadb583bc2f1695a1e78e.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\set.ini

Filesize
116B

MD5
395b44ae3fcf38a89d38169d39c0921c

SHA1
8dc2025a223d746994495e5ca033bb44aa7bdf91

SHA256
18a6306cc73aa5fb2f5f7db60f99f09686702abe0b08db90f0b294da8bb4fd74

SHA512
42de087104d3c70a7c2d4b83d7ebf2beec772fa8ea37b9e081bf101fd770e5d5c054111ea659a830a0f7457c9a953726472a272042171d6b42ad40f29374614c

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\HtmlView.fne

Filesize
212KB

MD5
4c9e8f81bf741a61915d0d4fc49d595e

SHA1
d033008b3a0e5d3fc8876e0423ee5509ecb3897c

SHA256
951d725f4a12cd4ff713ca147fa3be08a02367db6731283c3f1ba30445990129

SHA512
cf2c6f8f471c8a5aad563bc257035515860689b73ce343599c7713de8bc8338a031a722f366e005bc1907d6fc97b68b8b415e8ff05b7324fb1040c5dc02315d7

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\eAPI.fne

Filesize
328KB

MD5
cbd788f4c71b9776660d6e8473ae0e09

SHA1
0189cd47bfa5d1cac0d7f1a33953d279f60b02bf

SHA256
db0a6d7b75503daaf93c8e62ce67abd3afd57daaef4a448ec25a43d1de69e47e

SHA512
84bc02c67e3a3a9f77418b25afe7ec55e5bb5ca5a6c05503d94dffa57a30c7608e79bb4f83fe91c39ccce16872df2b3f9e7e5a8eafb4f563b1f961b93e9b8c94

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\eNetIntercept.fne

Filesize
156KB

MD5
ca08022deda03a89eb0f3232b265bca6

SHA1
29a3585b6c524a28fd272214691b65a48b7027b1

SHA256
00a98605d8ee60639c8de56862a50f1adf3f83e265ab636f98c017b719b013bf

SHA512
65587c3c0a3d0feaf1aa7c676626ae0a8bd158595af4e855cf7588ef8a831903350a756dd2f8010dda10173abdb1418751e92c509c6b74a3b829465ab5030c15

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\iext.fnr

Filesize
216KB

MD5
cba933625bfa502fc4a1d9f34e1e4473

SHA1
5319194388c0e53321f99f1541b97af191999a09

SHA256
25549c7781b3f1b92e73b0ea721d177207cce914a66f3229a71291f2eb160013

SHA512
f5fb4b97c4f68a20e0847e6528740ce659c4501726f3b2dff1ac83e88a3b7198099da03edb0f069cd4af7ed568a2373597b235cd239895addfa5226d3a444142

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\internet.fne

Filesize
192KB

MD5
0503d44bada9a0c7138b3f7d3ab90693

SHA1
c4ea03151eeedd1c84beaa06e73faa9c1e9574fc

SHA256
7c077b6806738e62a9c2e38cc2ffefefd362049e3780b06a862210f1350d003e

SHA512
f14dfa273b514753312e1dfc873ac501d6aa7bbd17cd63d16f3bcb9caddcb5ea349c072e73448a2beb3b1010c674be9c8ad22257d8c7b65a3a05e77e69d3b7a8

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
1.1MB

MD5
638e737b2293cf7b1f14c0b4fb1f3289

SHA1
f8e2223348433b992a8c42c4a7a9fb4b5c1158bc

SHA256
baad4798c3ab24dec8f0ac3cde48e2fee2e2dffa60d2b2497cd295cd6319fd5b

SHA512
4d714a0980238c49af10376ff26ec9e6415e7057925b32ec1c24780c3671047ac5b5670e46c1c6cf9f160519be8f37e1e57f05c30c6c4bda3b275b143aa0bf12

Download Submit
\Users\Admin\AppData\Local\Temp\E_N4\shell.fne

Filesize
40KB

MD5
d54753e7fc3ea03aec0181447969c0e8

SHA1
824e7007b6569ae36f174c146ae1b7242f98f734

SHA256
192608ff371400c1529aa05f1adba0fe4fdd769fcbf35ee5f8b4f78a838a7ec9

SHA512
c25ed4cb38d5d5e95a267979f0f3f9398c04a1bf5822dceb03d6f6d9b4832dfb227f1e6868327e52a0303f45c36b9ba806e75b16bd7419a7c5203c2ecbae838f

Download Submit
\Windows\SysWOW64\1.mp3

Filesize
3KB

MD5
21ffe141cf4019866a26fcfdc0125a4a

SHA1
ed50a04420b23a94d1259dc9cb470f878cc939b0

SHA256
5b8a0213870eee332efff042ed6f9455f6eda644722582298049416761ef43c7

SHA512
132636aebe046db58b1f74bbf77ee3a0fc87175be01808abd85601d10c46b3a66099d21a001557bb6025ced9415988d4ff6a8f4e128877d16d5c885ee55ba365

Download Submit
memory/2292-27-0x00000000008F0000-0x0000000000901000-memory.dmp

Filesize
68KB

Download
memory/2292-1-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2292-20-0x0000000000680000-0x00000000006C4000-memory.dmp

Filesize
272KB

Download
memory/2292-16-0x00000000003C0000-0x00000000003EA000-memory.dmp

Filesize
168KB

Download
memory/2292-12-0x0000000000300000-0x0000000000338000-memory.dmp

Filesize
224KB

Download
memory/2292-39-0x0000000002130000-0x0000000002191000-memory.dmp

Filesize
388KB

Download
memory/2292-40-0x0000000000920000-0x0000000000923000-memory.dmp

Filesize
12KB

Download
memory/2292-0-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2292-44-0x00000000021A0000-0x00000000021DF000-memory.dmp

Filesize
252KB

Download
memory/2292-59-0x0000000000400000-0x00000000004EF000-memory.dmp

Filesize
956KB

Download
memory/2292-69-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download