12287473e84abc495ca9effbd7e44919abcffc9c70b934adbc5a0c7a0e73b645

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac6889d96187344437c41cd468eb8efc.exe
Size

284KB
MD5

ac6889d96187344437c41cd468eb8efc
SHA1

a35d470a182740f49a59a4e55603c236f0503faf
SHA256

12287473e84abc495ca9effbd7e44919abcffc9c70b934adbc5a0c7a0e73b645
SHA512

c89d07c5e451b507c5ce049b6c01e9199d062a7e57fec020954e10bd54b5365f600b2e3cb0ab63bebeac8a451037e8c7a60ca460cc61bcf7fbab1a1969fd57f8
SSDEEP

6144:PnFYncdaSKkr3YnPh9yQpIiiqwSNoELJsdUUoRSnxmkP58heH9:PCncUS7rYOarsyPSxRx8W9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3036	ac6889d96187344437c41cd468eb8efc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	mshta.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3032	3036	ac6889d96187344437c41cd468eb8efc.exe	28
PID 3036 wrote to memory of 3032	3036	ac6889d96187344437c41cd468eb8efc.exe	28
PID 3036 wrote to memory of 3032	3036	ac6889d96187344437c41cd468eb8efc.exe	28
PID 3036 wrote to memory of 3032	3036	ac6889d96187344437c41cd468eb8efc.exe	28

C:\Users\Admin\AppData\Local\Temp\ac6889d96187344437c41cd468eb8efc.exe
"C:\Users\Admin\AppData\Local\Temp\ac6889d96187344437c41cd468eb8efc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\mshta.exe
  "C:\Windows\System32\mshta.exe" c:\32777eaa-64cf-4323-a846-a6a070ba878a\start.hta
  2⤵
  - Modifies Internet Explorer settings
  PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\32777eaa-64cf-4323-a846-a6a070ba878a\InstallerHelper.dll

Filesize
132KB

MD5
bb166526498cf7212a634f2cf9c702ee

SHA1
f0f04f5be881a0d1fa508337feff38f610ba97ef

SHA256
f658bcb70c4a49a23fdab04b1915c9204eac6770a9b1d901fe71b275543d89aa

SHA512
0fb61a3928a01890705a88d52301ff4dcb8da42e983303c3c7963f509f442b5c1c4a912329ab4a412659f66c43e3ad75fd1575a6b03523c706d871e959a260be

Download Submit
\??\c:\32777eaa-64cf-4323-a846-a6a070ba878a\loader.gif

Filesize
1KB

MD5
e88ebd85dd56110ac6ea93fe0922988e

SHA1
684a31d864d33ff736234c41ac4e8d2c7f90d5ae

SHA256
379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

SHA512
211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

Download Submit
\??\c:\32777eaa-64cf-4323-a846-a6a070ba878a\start.hta

Filesize
1KB

MD5
db4ada697fa7a0e215281533d52578e9

SHA1
fb755ea8371edf5065dc53e21eb413603f9eba7f

SHA256
f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

SHA512
9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

Download Submit