2f4ba1c8e5197a8d4a991d35055ff6bab653f5bf4239262883f482661028b4d8

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 20:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6c8947f5cb8b647a770d8e214273eb9.exe
Size

14.8MB
MD5

c6c8947f5cb8b647a770d8e214273eb9
SHA1

a43aa4b8563650131ac94e624d48b67024255251
SHA256

2f4ba1c8e5197a8d4a991d35055ff6bab653f5bf4239262883f482661028b4d8
SHA512

13720d72fa188da66a3d18c3e90b5b2e02de4024fa49a6926111e8a83240345760c33acf083add6585e2b1ea1866b1ab67c6cb2d61445fbb4e7ed9243a9da2aa
SSDEEP

98304:EcKHfSAHfS+HfSAHfKSAHVHfS+HfSAHfK6:EY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2700	dti.exe

Loads dropped DLL 2 IoCs

pid	Process
3036	c6c8947f5cb8b647a770d8e214273eb9.exe
3036	c6c8947f5cb8b647a770d8e214273eb9.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	dti.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	dti.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2700	dti.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2700	dti.exe
2700	dti.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2700	3036	c6c8947f5cb8b647a770d8e214273eb9.exe	28
PID 3036 wrote to memory of 2700	3036	c6c8947f5cb8b647a770d8e214273eb9.exe	28
PID 3036 wrote to memory of 2700	3036	c6c8947f5cb8b647a770d8e214273eb9.exe	28
PID 3036 wrote to memory of 2700	3036	c6c8947f5cb8b647a770d8e214273eb9.exe	28

C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe
"C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\dti.exe
  C:\Users\Admin\AppData\Local\Temp\dti.exe -run C:\Users\Admin\AppData\Local\Temp\c6c8947f5cb8b647a770d8e214273eb9.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dti.exe

Filesize
57KB

MD5
77c8c6bb0b45c7c42be81a6507ab875e

SHA1
69753691cc565a6aac6ee07e9bce4de9cdeaaecf

SHA256
195f6b71d31e6e44ef77d049ac6fd3ca23e8407c1811d2c62b1a312c9260c5db

SHA512
371539fdc3213bb94d0b37b12b932d056bc8d35f2546d6df678a53e083bb7b373f1d53fe0a3a23d5a4099d891294ab0ac1f1a5fabf985e4c44e8f3974816f136

Download Submit
C:\Users\Admin\AppData\Local\Temp\dti.exe

Filesize
59KB

MD5
a816e9c22d047479760e6f11ba248b78

SHA1
04ccc8eed3675ff4486a161e1593d31fa5085227

SHA256
8202dc6a6ee0a94152327f24ffa8dba7845931513f7ba1db11ab8cfad88e1634

SHA512
c6d9ed6a27c00049431decb15f4d900f646a01e6c76e54688301f0e1eded27edb3774d07fc0ad4829ccdb5f20605d58206307121fb1663677d2389e44c6df6c2

Download Submit
\Users\Admin\AppData\Local\Temp\dti.exe

Filesize
1.6MB

MD5
1cee6b3c11728904d1e33dc2664d4739

SHA1
218cbb71066c3404c1aaebf5437356baadc895cb

SHA256
1731361053cdb00ec8cb51443c986a4f9a4e60afc0b01020adea52a1ecae1d9f

SHA512
357517da62795bd04d8d2bb54ffeab57c69bf54bfb0eb9234d7a163b808fe50da599a2a17b9a4e6a6dc2e1fe133685a562092a2ec972cb3683193a9fc746b472

Download Submit
\Users\Admin\AppData\Local\Temp\dti.exe

Filesize
1KB

MD5
0c929d16601a9248947369678f33a27e

SHA1
11c77b043ee7c49cec5b43627aef70fd7cb92396

SHA256
49f182f21ac5fda2ae3bddfaa7cb36affd0bd15a1cfbd4768f285812ec77112e

SHA512
cad920f5163f2dfdd277463fcee637db59956442e3912cc726eb55b517fb5066be621ba17f672315f39a1951b3fa38a2e71fe15aabf6eb25ee82832e4442e840

Download Submit
memory/2700-90-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3036-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-8-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/3036-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/3036-24-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/3036-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-23-0x0000000002050000-0x0000000002051000-memory.dmp

Filesize
4KB

Download
memory/3036-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-22-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/3036-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3036-21-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/3036-20-0x0000000002070000-0x0000000002071000-memory.dmp

Filesize
4KB

Download
memory/3036-19-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/3036-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-18-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/3036-17-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/3036-16-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3036-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-15-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/3036-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-14-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/3036-13-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3036-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-12-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/3036-10-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/3036-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/3036-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/3036-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-61-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/3036-62-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/3036-63-0x00000000008D0000-0x00000000008D6000-memory.dmp

Filesize
24KB

Download
memory/3036-60-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3036-25-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/3036-26-0x0000000002080000-0x0000000002081000-memory.dmp

Filesize
4KB

Download
memory/3036-27-0x0000000002060000-0x0000000002061000-memory.dmp

Filesize
4KB

Download
memory/3036-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/3036-2-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/3036-72-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/3036-73-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/3036-59-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/3036-58-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3036-57-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/3036-56-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/3036-55-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/3036-54-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/3036-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/3036-4-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/3036-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/3036-5-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/3036-3-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/3036-1-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download