bff258915709665ae20a2a232238c39e514c0ecffb7747b00c8a06188d82ee5e

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca778c6e3dcf8e49b07560af6d71ab9e.exe
Size

2.3MB
MD5

ca778c6e3dcf8e49b07560af6d71ab9e
SHA1

0efcd3af122e8fe144259b9ee46ae46ae3fb66c1
SHA256

bff258915709665ae20a2a232238c39e514c0ecffb7747b00c8a06188d82ee5e
SHA512

d4ea9a531f5092c99e5744e7563da4efa42add67cf375d9aa7246689a1164dc1011a5528d0531fdeda11006e6b3543251bfab6c0cafffaa8590fa4df03eb9ac7
SSDEEP

24576:+7QFRUm/rCYAj8pXU+Cz/R/rCYAj8pXU+CrYAj8pXuAj8pXU+Cz/R/yYAj8pXU+s:EQFRHrmQG+ydrmQG+KQLQG+yd2QG+s

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2512	dwsn.exe

Loads dropped DLL 2 IoCs

pid	Process
2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe
2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	dwsn.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2512	dwsn.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2512	dwsn.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2512	dwsn.exe
2512	dwsn.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2512	2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe	28
PID 2240 wrote to memory of 2512	2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe	28
PID 2240 wrote to memory of 2512	2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe	28
PID 2240 wrote to memory of 2512	2240	ca778c6e3dcf8e49b07560af6d71ab9e.exe	28

C:\Users\Admin\AppData\Local\Temp\ca778c6e3dcf8e49b07560af6d71ab9e.exe
"C:\Users\Admin\AppData\Local\Temp\ca778c6e3dcf8e49b07560af6d71ab9e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\dwsn.exe
  C:\Users\Admin\AppData\Local\Temp\dwsn.exe -run C:\Users\Admin\AppData\Local\Temp\ca778c6e3dcf8e49b07560af6d71ab9e.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dwsn.exe

Filesize
2.3MB

MD5
1eaaf43c7de6202d3cdfdf40cc717d2a

SHA1
0a6a940345221e28d566d4cbe2b49f0cda49aa41

SHA256
b2ddee52dd2d6aed12984daa58805aa870272abdd556f87143dccd2d808820cc

SHA512
054b68cd8609d6dcd01fa37b9626479d88bfa362d75266e998ffe6b223ed232e22890c81ea3900970435af69f2d2d9ff9ad276517c45303c5194ceb836aba40f

Download Submit
memory/2240-22-0x0000000001E30000-0x0000000001E31000-memory.dmp

Filesize
4KB

Download
memory/2240-37-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2240-3-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2240-4-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2240-6-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2240-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2240-19-0x0000000001E50000-0x0000000001E51000-memory.dmp

Filesize
4KB

Download
memory/2240-9-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2240-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2240-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2240-11-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2240-14-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2240-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2240-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2240-16-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2240-18-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2240-17-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2240-21-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2240-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2240-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2240-20-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2240-24-0x0000000001E20000-0x0000000001E21000-memory.dmp

Filesize
4KB

Download
memory/2240-23-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2240-25-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/2240-26-0x0000000001E40000-0x0000000001E41000-memory.dmp

Filesize
4KB

Download
memory/2240-34-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2240-1-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2240-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2240-2-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2240-36-0x00000000002F0000-0x0000000000340000-memory.dmp

Filesize
320KB

Download
memory/2512-40-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/2512-39-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/2512-41-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2512-42-0x00000000032D0000-0x00000000032D2000-memory.dmp

Filesize
8KB

Download
memory/2512-44-0x0000000003390000-0x0000000003391000-memory.dmp

Filesize
4KB

Download
memory/2512-43-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2512-46-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2512-45-0x00000000033A0000-0x00000000033A1000-memory.dmp

Filesize
4KB

Download
memory/2512-47-0x0000000004550000-0x0000000004590000-memory.dmp

Filesize
256KB

Download
memory/2512-57-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download