2eac4893ae5858307f11c3cd82f5f58e46766bb3a6b60020291e13fbf9871239

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 16:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bc3ba0fe12e69a0895b056bd8afa831a.exe
Size

21.7MB
MD5

bc3ba0fe12e69a0895b056bd8afa831a
SHA1

1350ee1279d2eb4237dc03bf7df1eccd707772b5
SHA256

2eac4893ae5858307f11c3cd82f5f58e46766bb3a6b60020291e13fbf9871239
SHA512

c6b9d4dcb082d0c2de6543dec0dd304eae70a1d83ffc3c6b7efa21d2fb98ff7b11c2ec8b0cf614ea2596e2484089e9fa58176ba8f44f610a23ee65b9c26aab7d
SSDEEP

98304:EcKAAkAADAkAARKAAkAADAkARAkAADAkA3kAAWAADAkAARKAAk7kA3kAAWAADAkS:E9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2544	hjjav.exe

Loads dropped DLL 2 IoCs

pid	Process
2868	bc3ba0fe12e69a0895b056bd8afa831a.exe
2868	bc3ba0fe12e69a0895b056bd8afa831a.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	hjjav.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2544	hjjav.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2544	hjjav.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2544	hjjav.exe
2544	hjjav.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2544	2868	bc3ba0fe12e69a0895b056bd8afa831a.exe	28
PID 2868 wrote to memory of 2544	2868	bc3ba0fe12e69a0895b056bd8afa831a.exe	28
PID 2868 wrote to memory of 2544	2868	bc3ba0fe12e69a0895b056bd8afa831a.exe	28
PID 2868 wrote to memory of 2544	2868	bc3ba0fe12e69a0895b056bd8afa831a.exe	28

C:\Users\Admin\AppData\Local\Temp\bc3ba0fe12e69a0895b056bd8afa831a.exe
"C:\Users\Admin\AppData\Local\Temp\bc3ba0fe12e69a0895b056bd8afa831a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\hjjav.exe
  C:\Users\Admin\AppData\Local\Temp\hjjav.exe -run C:\Users\Admin\AppData\Local\Temp\bc3ba0fe12e69a0895b056bd8afa831a.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hjjav.exe

Filesize
15.3MB

MD5
690ebcc2ccc27e0a92b3d8f3cdcc68c7

SHA1
9de74c39a5f0be1974564d951df18f22eb0f503d

SHA256
ed704435f8103dd09d079f310575f12b24d7b338759be2a0a85ed9dc08c02288

SHA512
eb784b02a6c52f100a27da1d4d77358e7a31a60f6149c627439311060d18e1b0d4d14bf384caf1e4ce060ed2b38825c20f20e5b717d85f8accb6c2492f851991

Download Submit
C:\Users\Admin\AppData\Local\Temp\hjjav.exe

Filesize
11.4MB

MD5
8faf3df54acd2ab0d57c367bf46a93f7

SHA1
260c954688a20f5d3cf5aaea66775d7c377eee31

SHA256
db445a5cd53f24d91fb436b93d58057b2dbf718c13969a39321beb07d08598d5

SHA512
1979d826de468cdfb7346f55efd37f00be51b9d11c6b10c9225ee7c749f0fa311c3b33c4031b80a079807b7747b7895de5f0d21ecbf532605374ee5090d2ccd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\hjjav.exe

Filesize
15.8MB

MD5
6e82c77ffddd41019b69b0422cb60496

SHA1
9c349b294e1ca48f9ac9b9bb560480a6c14dbf16

SHA256
4ef585a0ea539d67c1b698302a8f7aec3fc703c214995fbff9613158c03487d8

SHA512
918daf4eaa506552cbf27443f9d53485e5277124c3d6afe089d0ab78b83250bcee03569889d123097eb0c70a40388058f21a8c9dcac6f6d5dbbb19bb1dc45c3a

Download Submit
\Users\Admin\AppData\Local\Temp\hjjav.exe

Filesize
11.5MB

MD5
c6171e5c06a317fe892a057a32346c7d

SHA1
32bda60b279d0d74c81343fe3e3e4c72ff8b13d6

SHA256
4d4d8db66471af8e88e70c20b670bda639d35272c84f424c6931657e7a9b5065

SHA512
a8ea97acceda4106afd8ba18b1af853281b5a99e1a96dea8fd4460e5e7036c8ca83c32a88df1fc74ff8d91f8ac969dd01b063370ce8e041c492b5f8be50d3d61

Download Submit
\Users\Admin\AppData\Local\Temp\hjjav.exe

Filesize
11.3MB

MD5
e891e1f98d646d67911159ec932c452d

SHA1
a1b91b15e63a8d6bff5172f6fca2480a83318659

SHA256
e79183f07cab365588ee38c7704f49206c9c5701913447b693b15d8e8a9ff5d8

SHA512
46b23ef5f730929f057b2c732a81364827258e1011db9496a874de1682c1d7687d5209d8114fd325a343fe853eab3971cf75c6e427163ecc494b56140142bd52

Download Submit
memory/2544-82-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2868-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-9-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2868-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2868-7-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2868-6-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/2868-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2868-4-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2868-3-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2868-2-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2868-18-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2868-17-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2868-16-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/2868-15-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2868-14-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2868-13-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2868-12-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/2868-11-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2868-20-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2868-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2868-26-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2868-25-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2868-24-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2868-23-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2868-22-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2868-19-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2868-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2868-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2868-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2868-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2868-51-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2868-52-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2868-53-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2868-55-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2868-54-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2868-56-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2868-57-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2868-58-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2868-59-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2868-60-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2868-61-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/2868-62-0x0000000001F50000-0x0000000001F57000-memory.dmp

Filesize
28KB

Download
memory/2868-71-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2868-72-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2868-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download