906f07a6498d5b05aa305852fc31645465ecbdbadfd9eac5b2f96b2d6db1acde

Analysis

max time kernel
144s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 05:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c296f32e10b78d8cc94b10946608946b.exe
Size

9.5MB
MD5

c296f32e10b78d8cc94b10946608946b
SHA1

95d0f81c048f7b95a7ee4080466a430594a43ffd
SHA256

906f07a6498d5b05aa305852fc31645465ecbdbadfd9eac5b2f96b2d6db1acde
SHA512

e60cb8b00814fafa6ab0d2ec6d18c3f18198070c91c2c7428a92dc3d2b73b39bd99fd642209bcd1745bbcf62952bf05f5cada2ff50afd18433813ebcacd88779
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rY+FrEyrY+FrRrY+FrE5Y+Frv+Fr/rY+FrEyrY+C+FrEyr2:EcKW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2472	xtphc.exe

Loads dropped DLL 2 IoCs

pid	Process
1720	c296f32e10b78d8cc94b10946608946b.exe
1720	c296f32e10b78d8cc94b10946608946b.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	xtphc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2472	xtphc.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2472	xtphc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2472	xtphc.exe
2472	xtphc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2472	1720	c296f32e10b78d8cc94b10946608946b.exe	28
PID 1720 wrote to memory of 2472	1720	c296f32e10b78d8cc94b10946608946b.exe	28
PID 1720 wrote to memory of 2472	1720	c296f32e10b78d8cc94b10946608946b.exe	28
PID 1720 wrote to memory of 2472	1720	c296f32e10b78d8cc94b10946608946b.exe	28

C:\Users\Admin\AppData\Local\Temp\c296f32e10b78d8cc94b10946608946b.exe
"C:\Users\Admin\AppData\Local\Temp\c296f32e10b78d8cc94b10946608946b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\xtphc.exe
  C:\Users\Admin\AppData\Local\Temp\xtphc.exe -run C:\Users\Admin\AppData\Local\Temp\c296f32e10b78d8cc94b10946608946b.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\xtphc.exe

Filesize
832KB

MD5
2e3659c1cc833fc3cabc3f0b7d131296

SHA1
81d2d028039e32dc1ee5b9df46aa0c62e119ca09

SHA256
32782b4d4ac0b3615d7d85e6c0c729661309a3dd2bd25d01a89f9d0adfe4e558

SHA512
b758f2d506637b26527ff11e0224ff76d34858ce321f91c80061b6f025899e2d6d8d7570d1fbd8f5c9764b460d62c5703f04361157e10886e599e9cd45fbe4a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\xtphc.exe

Filesize
5.6MB

MD5
e21c07bd0c4a12017edc377d51dbecf0

SHA1
3e125398bfb1cca5e701d01ffe5f88bb479ead04

SHA256
c0367e0641f9647f114fab7c8e953d056e63a91d5ae3c04e36415a096e2aa1c6

SHA512
5ba5c384fe80d9140331c3a8f63e3bcd093d6166cb62bfedea425171a9e8ae737a5730651eb15638db4392d5006038f7aeb7bc80a0d4068bb3c1f0d1c0b48d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\xtphc.exe

Filesize
4.2MB

MD5
1db15aa2fc8bacf47fd61d0a500e84b9

SHA1
d68eb66ea237771b5749c6457a3b984f74256e31

SHA256
6a9b2c99bbdaa1060281075ad259de0256737e3d05883bb2538fa7e4887da841

SHA512
e2a29d75b1c0084aa8c16cab0dbb77e4829e93c945e705d9cb7be22cd56a7ab99a8fe8bdfed51de3b23ba9c9ae68305a6ee39e0e0a8912183f400f4b2e039844

Download Submit
\Users\Admin\AppData\Local\Temp\xtphc.exe

Filesize
1.9MB

MD5
82b28c4b156423348feb03c265ba55e0

SHA1
3053c132365a830eaed1dac2f267dca23af2ae6b

SHA256
ecc6a842837e2735dd8146dfceed59bc9f31349351aaf92422bed3eaf084e7d0

SHA512
c73dd807a373659fd762a94a1ec4d8c263338969eaf357a00a563e9c959afef32ee2220f5f3269da09eb73e2b9ab43e802afab9e068eca796aefa22bec35f5c0

Download Submit
\Users\Admin\AppData\Local\Temp\xtphc.exe

Filesize
320KB

MD5
6d9ae75a3f3936f0327d9546a7935c7c

SHA1
66372f4a77998989cd257f4cc35c7c6c5b30c605

SHA256
88526507e129b589b31260fe29169f8b2b514ed2f9b94ff77c3b84dd1937a51b

SHA512
a7ee62fd6f7f974d53c1a7acb2597cb8e7109fe2579f7bb8b96ee2bdc3b9628fa093dd88e7e46917a733b7868ef9b85083a058b9c1722f55495cddf3a2e742db

Download Submit
memory/1720-19-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1720-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1720-5-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1720-9-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1720-10-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1720-11-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1720-12-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1720-16-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1720-15-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1720-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1720-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1720-13-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1720-1-0x00000000002F0000-0x0000000000340000-memory.dmp

Filesize
320KB

Download
memory/1720-18-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1720-20-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1720-22-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1720-21-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/1720-24-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/1720-25-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/1720-23-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1720-26-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/1720-27-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/1720-28-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/1720-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1720-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-59-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/1720-60-0x00000000005B0000-0x00000000005B6000-memory.dmp

Filesize
24KB

Download
memory/1720-7-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1720-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1720-52-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1720-58-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/1720-57-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/1720-56-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/1720-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1720-54-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1720-53-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1720-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1720-51-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1720-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-69-0x00000000002F0000-0x0000000000340000-memory.dmp

Filesize
320KB

Download
memory/1720-68-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1720-2-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/1720-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1720-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1720-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2472-71-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2472-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2472-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2472-110-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download