750ebe6fc6a672b0421b58338c81dff1c53af48872b8ef9d32f607c6bbb24969

General

Target

a9f2832507fd7d3a0b9aa287b0cf48fc.exe
Size

1.8MB
MD5

a9f2832507fd7d3a0b9aa287b0cf48fc
SHA1

4fafd995743f6eb97f6e71d0488742a4ee0510e6
SHA256

750ebe6fc6a672b0421b58338c81dff1c53af48872b8ef9d32f607c6bbb24969
SHA512

c675a803c86c504887ce98e6b0369864d25d54c890f1e8ef74b15c5ecc99caa94327bedc41d34bc4c32e872faa2fd1be3bdfd83bec8f3d528fcca2e6ce5363be
SSDEEP

49152:jdu8aOLWRXjMsUvfcowUltM6xB3T0WXO4MS+:jdoRXjMsUvfcowUltXj0f49+

Score

4^/10

Malware Config

Signatures

Loads dropped DLL 18 IoCs

pid	Process
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\KpPopupDlg.exe = "7000"	a9f2832507fd7d3a0b9aa287b0cf48fc.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe
2176	a9f2832507fd7d3a0b9aa287b0cf48fc.exe

C:\Users\Admin\AppData\Local\Temp\a9f2832507fd7d3a0b9aa287b0cf48fc.exe
"C:\Users\Admin\AppData\Local\Temp\a9f2832507fd7d3a0b9aa287b0cf48fc.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso10F4.tmp\Banner.dll

Filesize
4KB

MD5
91c9ee5005ac6cb4ec79a3b039b4c8df

SHA1
95a9c018b501b6697beca846a33955909c3f97be

SHA256
05838c8f81efbb98679010158f29cefd88a34fb1fe5d603e839dd406235ddf29

SHA512
41cc45a64fbe64cd83e704e87193004245f5d29f4f880921d041e5f2ceec86ca0653146e6477642eba73875b9d5f0d773b540436b19e4797def9c15d7618474b

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\CheckRunVirtual.dll

Filesize
32KB

MD5
a0cb8030c255059749db3bffa0c78956

SHA1
8d945131c91a4bd99f53758d75691349cd4127cb

SHA256
bcd19389fd4e58e552fc45c4222eae3aa70f0e7e1573b2afc8e7ad433f131398

SHA512
b9ad84d528b7b4f95c1ee1b315bc7d76ff3c093e99bbc6b806517742320cd3a592ceb4ab407e1e003b3476e4ee5bc608029c102244ede5fee7fded8ac21e15d7

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\DialogEx.dll

Filesize
21KB

MD5
2015bb43ab225bebd66bf474df424155

SHA1
3179aae8019577c720bafca7d126574d837ece00

SHA256
0af63a42fb77e2e31eccaea6953c86a461fa1fa82b2471e3493ee66f3e864f3e

SHA512
66567cb93231cfec913463cfc47343844931251ba8e83df0bc67d2ee42fd6fb2eb8d468c9e1af6d2a087701f2e9eb22f0f41bc573f2a471110c422bd54c0815e

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\FindProcDLL.dll

Filesize
3KB

MD5
8614c450637267afacad1645e23ba24a

SHA1
e7b7b09b5bbc13e910aa36316d9cc5fc5d4dcdc2

SHA256
0fa04f06a6de18d316832086891e9c23ae606d7784d5d5676385839b21ca2758

SHA512
af46cd679097584ff9a1d894a729b6397f4b3af17dff3e6f07bef257bc7e48ffa341d82daf298616cd5df1450fc5ab7435cacb70f27302b6db193f01a9f8391b

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\NSISdl.dll

Filesize
14KB

MD5
254f13dfd61c5b7d2119eb2550491e1d

SHA1
5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256
fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28

SHA512
fcef8ac5bd0ee6e316dbbc128a223ba18c8bf85a8d253e0c0877af6a4f686a20b08d34e5a426e2be5045962b391b8073769253a4d9b18616febc8133ccf654f7

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
\Users\Admin\AppData\Local\Temp\nso10F4.tmp\ToolTips.dll

Filesize
4KB

MD5
9a0da2692764bb842411a8b9687ebbb7

SHA1
5c3a459faa08a704bdf162476897ad4580ae39bd

SHA256
28aeaa48c929188a0d169887cc3f16370741467ae49e1db59763f030710a6bbb

SHA512
814d686617df4fe9f50a93dac9428babff3a14836aa27b4666976379ec3fafcab65fd82d8886998fa65e7b59dc192ca067cf8b4cdeb8ef551812912d80dab8ed

Download Submit
memory/2176-22-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/2176-23-0x0000000010000000-0x0000000010003000-memory.dmp

Filesize
12KB

Download
memory/2176-71-0x0000000001E80000-0x0000000001E89000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing