1c0773db87b9231483d3c96f4cb37a85d7c731fcd1cd9903918ee06d59a3a261

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd347fee47fe96eea5a33d64ec43a3b1.exe
Size

4.6MB
MD5

cd347fee47fe96eea5a33d64ec43a3b1
SHA1

6859ef908fe514368eb45fe1647629319dcb3614
SHA256

1c0773db87b9231483d3c96f4cb37a85d7c731fcd1cd9903918ee06d59a3a261
SHA512

2f8e084e927b9a5e3cb18db8ff8a683065b80662926edfedf97cb3e3c09aa3597b07bca447b6f5fbb043bd18239e601c8735e07e40396ffba62981bd2dc2f08e
SSDEEP

49152:EQFRHrmQG+dQG+jG+SGhxQG+dQG+jG+SGhQmQG+Z9+jG+SGhxQG+dQG+jG+SGhQU:EcKeWeY9eY+09eG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2704	dtzel.exe

Loads dropped DLL 2 IoCs

pid	Process
2748	cd347fee47fe96eea5a33d64ec43a3b1.exe
2748	cd347fee47fe96eea5a33d64ec43a3b1.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	dtzel.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2704	dtzel.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2704	dtzel.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2704	dtzel.exe
2704	dtzel.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2704	2748	cd347fee47fe96eea5a33d64ec43a3b1.exe	28
PID 2748 wrote to memory of 2704	2748	cd347fee47fe96eea5a33d64ec43a3b1.exe	28
PID 2748 wrote to memory of 2704	2748	cd347fee47fe96eea5a33d64ec43a3b1.exe	28
PID 2748 wrote to memory of 2704	2748	cd347fee47fe96eea5a33d64ec43a3b1.exe	28

C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe
"C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\dtzel.exe
  C:\Users\Admin\AppData\Local\Temp\dtzel.exe -run C:\Users\Admin\AppData\Local\Temp\cd347fee47fe96eea5a33d64ec43a3b1.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dtzel.exe

Filesize
2.0MB

MD5
aab3d2a78a6b22f54d870f2b84d4212d

SHA1
72b8f323cf0cb943ad61626e01d137871b2bfa2d

SHA256
72f75bcfbf4a2f57d9c330b14f14aba9c6d636b401fd47923abcd6e5399c7e64

SHA512
abd91de4fbb7559fae96db7b16c0095645f430c3f21a215cb9dc9c8e5c0870e72ec5a941086cf1b7d1b314efaec811729cf7f4d23a9068641003c9bd29edfc19

Download Submit
C:\Users\Admin\AppData\Local\Temp\dtzel.exe

Filesize
1.8MB

MD5
bd0b2530fe291d658850b1a7081ee350

SHA1
f32668ebc9327f8e4b15b1dbc300cdede3ccf8a8

SHA256
52ee47c982d620730d9b8a0efa5a555dcb5382b5a215074ea1fb2364f7896a1f

SHA512
057e9386db07a349e3886516b6036fa09acb72a0e7ae180b5fbe280c0b47df694aace11d47d487bc29786c2c280465aec78517cb7caf6ecfe2e45e029c34fb19

Download Submit
C:\Users\Admin\AppData\Local\Temp\dtzel.exe

Filesize
2.0MB

MD5
3e257ac9dce4cc9d4516b38104051913

SHA1
b82792f9e45f259d40049c77205248f9f7da7d99

SHA256
295c1d23a9bee2b082f1e42b541b2c2c6526b04b338eafa4b43d5b688f822481

SHA512
1e40ac94e87279917f25ecb9569c655593cdd27937569458e71514427f899f0e8948a9b43c73031ce814e45ac4d40a36f782a7c36f55e46b7337de7bdd657259

Download Submit
\Users\Admin\AppData\Local\Temp\dtzel.exe

Filesize
2.8MB

MD5
9e355cba08ebcc0fb61023065cb8eb68

SHA1
8935c3061a36540ccfff52a45d9c2f8b3d59c5d6

SHA256
c070573cdd29269f938118d23a32f537991fec0539f95c656f25b56013c6b2b8

SHA512
9698a6fcc02d101c1810b6291e764da7515e1cf214ef79e3528fea4a1711d140ab791aea57e609245fbaea8743473af354087c09b138d0793b002ff3af91b7e1

Download Submit
\Users\Admin\AppData\Local\Temp\dtzel.exe

Filesize
2.2MB

MD5
9501c34820981961de342761ada519aa

SHA1
8b2331d1a8e84018562875d7c7cd1e7641385752

SHA256
f32576ff74b01db0d2cd45d489a573fc9a3ec83b708d65076a08e2a9cfb3c34a

SHA512
92f99cf99ce574b406b21b2acdf56ca078dc8c862e1eb4425f05837513c283d72c73d3ad7a3b450115983ec7f9c7f2edd7b07bc13f66cb8de37f7e3973242a33

Download Submit
memory/2704-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2704-53-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2704-52-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2704-127-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2748-26-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2748-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2748-49-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2748-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-46-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2748-12-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/2748-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2748-14-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2748-15-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2748-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2748-20-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/2748-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2748-21-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/2748-23-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/2748-24-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/2748-25-0x00000000007F0000-0x00000000007F1000-memory.dmp

Filesize
4KB

Download
memory/2748-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2748-27-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2748-28-0x0000000000880000-0x0000000000881000-memory.dmp

Filesize
4KB

Download
memory/2748-17-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2748-18-0x00000000007B0000-0x00000000007B1000-memory.dmp

Filesize
4KB

Download
memory/2748-19-0x00000000007C0000-0x00000000007C1000-memory.dmp

Filesize
4KB

Download
memory/2748-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2748-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2748-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2748-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2748-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2748-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2748-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2748-8-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2748-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2748-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2748-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download