fb2b8a73c607245f6a454df2841d9843363dfe0240aad16d3492de6bd391800e

Analysis

max time kernel
144s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 05:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c00495271503c07af5d3cdeeacb9109a.exe
Size

8.1MB
MD5

c00495271503c07af5d3cdeeacb9109a
SHA1

8a62d4402550f68e2c5ca3b2754e91610dd186c2
SHA256

fb2b8a73c607245f6a454df2841d9843363dfe0240aad16d3492de6bd391800e
SHA512

f686c0e63d824d22f66fe289c5aabbed1e30862e478b826d71899d0c6eb2d9b2471fbb3c9b6ddcfb0d90a93d792ffce357d235c1c05ff45e020050272af3f185
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrvqrmQG+yrY+Fr/rcrCJBmQG+yrY+Fr/rcrvqrmQG+yrR:EcKYqYt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2008	fjnpqr.exe

Loads dropped DLL 2 IoCs

pid	Process
1504	c00495271503c07af5d3cdeeacb9109a.exe
1504	c00495271503c07af5d3cdeeacb9109a.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	fjnpqr.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2008	fjnpqr.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2008	fjnpqr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2008	fjnpqr.exe
2008	fjnpqr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 2008	1504	c00495271503c07af5d3cdeeacb9109a.exe	28
PID 1504 wrote to memory of 2008	1504	c00495271503c07af5d3cdeeacb9109a.exe	28
PID 1504 wrote to memory of 2008	1504	c00495271503c07af5d3cdeeacb9109a.exe	28
PID 1504 wrote to memory of 2008	1504	c00495271503c07af5d3cdeeacb9109a.exe	28

C:\Users\Admin\AppData\Local\Temp\c00495271503c07af5d3cdeeacb9109a.exe
"C:\Users\Admin\AppData\Local\Temp\c00495271503c07af5d3cdeeacb9109a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Users\Admin\AppData\Local\Temp\fjnpqr.exe
  C:\Users\Admin\AppData\Local\Temp\fjnpqr.exe -run C:\Users\Admin\AppData\Local\Temp\c00495271503c07af5d3cdeeacb9109a.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fjnpqr.exe

Filesize
3.6MB

MD5
42c05be902a818492d216e2fe65f2aef

SHA1
baf6fd9f69cf6d67ceae5ae525e41feb0adb1059

SHA256
201792ce2f83f04e3d2384c2aad4a8ee51deb16022128c0812128d9f77f67845

SHA512
6897b27d1c72824aaab69e4782090190000ba26336b5f313806b3e41df5e11921e81209ef53bf366ad5476c6c278f39f469cde53d49070ca7de56b0ec2bb6b60

Download Submit
C:\Users\Admin\AppData\Local\Temp\fjnpqr.exe

Filesize
3.9MB

MD5
19933cc3a65045eecf6116383b790994

SHA1
a3101f41a5c29fc928b6f42489eaaa602de67bdb

SHA256
e855898344cdc4f7bad48271322f7d9580f1df90540c416ea4992dad3eeb27b7

SHA512
369c9390a91d005b5c2d1a4153b10c8a3b933f2a83da4e28c1fd19af72a633e6d11d35edc0b4dd4be9afd8970daa558452543ca9e32058f712f6fb23b9f62597

Download Submit
C:\Users\Admin\AppData\Local\Temp\fjnpqr.exe

Filesize
4.1MB

MD5
83f05c5ea58b26da2042eaa16579146c

SHA1
fee1c37a49d9cdbf21602942c31104c0111b4986

SHA256
b1a6cb79d8057aab85d41d40eae41b7798ee9d49b1f489bdd67be06d56fdc64d

SHA512
fa6c81ce6063ca976902984454deb80f503f4a753edb7039851d258344a8e530bc019e1ec18aa9fb6a872e7ef2aa548287110b31cbccf3d540676bc17cb4fa84

Download Submit
\Users\Admin\AppData\Local\Temp\fjnpqr.exe

Filesize
3.4MB

MD5
c4c7e629382270617791f425bbfefa75

SHA1
5eee6fd48030d295b45e23eac9360d643890683f

SHA256
33eb401da37f972aae37cd3427909aa48aafe1adcbb3abf1b593c3c4276349e2

SHA512
cb42fd9de31fff4daf657f38438853a3bb57693a495f6aa2c2bc4e6bf7c155a57518463d757638d10ee68c7c5494ad8f46bdb62ad6d39c5ec3bfc2f12effb448

Download Submit
\Users\Admin\AppData\Local\Temp\fjnpqr.exe

Filesize
4.2MB

MD5
bd32f093a1e0e618ff8f350b4b900bc8

SHA1
8b8f0c7b4e5008ae6492133ef884aa92404150cb

SHA256
2c8a9c8907cc92b6bc9ea800d334be33a877f9492769a6c8b655790b232a0120

SHA512
8f067f8b43534bc5d344234bc9b983ada0149cda9edd9855cb1b1a99976fac7e9dea110d2d0e40aaa441fcb5652f4e3904bfa26527b60965857f3fff744d72d6

Download Submit
memory/1504-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1504-21-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1504-23-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/1504-28-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1504-25-0x00000000007E0000-0x00000000007E1000-memory.dmp

Filesize
4KB

Download
memory/1504-27-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/1504-24-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1504-22-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1504-20-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/1504-19-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1504-18-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1504-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1504-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1504-15-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1504-14-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1504-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1504-12-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1504-10-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1504-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1504-8-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1504-7-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1504-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1504-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1504-5-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/1504-4-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1504-3-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/1504-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1504-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-2-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1504-1-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/1504-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1504-59-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/1504-58-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1504-57-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1504-56-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1504-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1504-54-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1504-53-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1504-52-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1504-51-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1504-67-0x00000000005A0000-0x00000000005A6000-memory.dmp

Filesize
24KB

Download
memory/1504-69-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1504-70-0x0000000002F00000-0x0000000003036000-memory.dmp

Filesize
1.2MB

Download
memory/1504-72-0x0000000000320000-0x0000000000370000-memory.dmp

Filesize
320KB

Download
memory/1504-68-0x0000000002F00000-0x0000000003036000-memory.dmp

Filesize
1.2MB

Download
memory/2008-73-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2008-103-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download