585df7525308c52d45f5a8b25ba8d624e82093d493d3fd0dd1dfe64cc7e3209a

Analysis

max time kernel
143s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cdc3055f5ab61455bf0fde644b4c753b.exe
Size

7.8MB
MD5

cdc3055f5ab61455bf0fde644b4c753b
SHA1

bcdad3f060f2a235db6103ba5b78bd3e05993bae
SHA256

585df7525308c52d45f5a8b25ba8d624e82093d493d3fd0dd1dfe64cc7e3209a
SHA512

939bcd4adf678285cd12e087e0268687038ca576e4ac2c8bb1e7c1b4eabb09352f731b8a9ede614e05f3e62e26a4a4d49dfedb57a3a6852489ca413ec88b7513
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrvqrmQG+yrY+Fr/rcr7G+Fr/rcrxrmQG+yrY+FrFfrxrX:EcKYOMQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2568	ahmr.exe

Loads dropped DLL 2 IoCs

pid	Process
2212	cdc3055f5ab61455bf0fde644b4c753b.exe
2212	cdc3055f5ab61455bf0fde644b4c753b.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1658372521-4246568289-2509113762-1000\Software\Microsoft\Internet Explorer\Main	ahmr.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2568	ahmr.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2568	ahmr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2568	ahmr.exe
2568	ahmr.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2568	2212	cdc3055f5ab61455bf0fde644b4c753b.exe	28
PID 2212 wrote to memory of 2568	2212	cdc3055f5ab61455bf0fde644b4c753b.exe	28
PID 2212 wrote to memory of 2568	2212	cdc3055f5ab61455bf0fde644b4c753b.exe	28
PID 2212 wrote to memory of 2568	2212	cdc3055f5ab61455bf0fde644b4c753b.exe	28

C:\Users\Admin\AppData\Local\Temp\cdc3055f5ab61455bf0fde644b4c753b.exe
"C:\Users\Admin\AppData\Local\Temp\cdc3055f5ab61455bf0fde644b4c753b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\ahmr.exe
  C:\Users\Admin\AppData\Local\Temp\ahmr.exe -run C:\Users\Admin\AppData\Local\Temp\cdc3055f5ab61455bf0fde644b4c753b.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ahmr.exe

Filesize
3.3MB

MD5
46735dc71bb0cd9e1e91e0a867dee954

SHA1
7a9633edfe9c2e7541d7e6f03d0eac9e55b3b2e9

SHA256
5afd2d2400edf361018a8123694cd9816852bedf29b03be64e46be27f3a5ce12

SHA512
d071c9d0e3004cb4fb0d55a20bce6d1b75c43356d63cc430bc12f2fa4e35e51dfffa70202f23a06d7ca21cac1b34050f29431944af762b654c872662e3803f7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ahmr.exe

Filesize
2.1MB

MD5
72a413b0f57eb6e47a7382273b2991c1

SHA1
7fb52864ffc408dc5c5913c34c75907cdb2a2f96

SHA256
f189ea3f59eefc08ff5a04bb4aa1868a251461533e3fc090a9ce1c63c9c92ecc

SHA512
bcdbd05d70230e20fc64dd6d4bf9fab4251f768a012302cecceaf7892432141ac97bf5fe9b91ade8fcd96771f4fc16b5bb4ecfd41e575e85e9aa78a1fa35a278

Download Submit
C:\Users\Admin\AppData\Local\Temp\ahmr.exe

Filesize
2.2MB

MD5
4577f478720501f645f1b25ea2f9b3bc

SHA1
adfe232f20655b93c7fddd3b8862faf8c5baa51e

SHA256
b7992a85b4fbcc78a58e8bd26e360649de666a621ff10ae48c15f28fd42a315c

SHA512
62f6e6487ee6058737786da2349165375950da764ce1e95d3fec6dc1e3125bb028f76b95bdaa2c27f1e1f7532e0325b1e58ccc3af9859896142432becaff57dc

Download Submit
\Users\Admin\AppData\Local\Temp\ahmr.exe

Filesize
2.1MB

MD5
c509c02e7d908c6ceb734f4a5eba82e1

SHA1
99a24bcc0aafaaf3d25587c51a5e1f566797918a

SHA256
7b10aaf4ac7a839c7dbf355527bdcd892a071386477c151f6d2b154b5b3e9da5

SHA512
63b5bfb87991e233e4c8d17730885cb9dc04231e8adf22bbb4e1db5ac591cf1605183525e70503cdca100e7050c90e9144e25003860b633f9a394bc014e0ce80

Download Submit
memory/2212-19-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2212-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2212-1-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2212-6-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2212-5-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2212-4-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2212-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2212-12-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2212-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2212-15-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2212-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2212-13-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2212-17-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2212-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2212-18-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2212-21-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/2212-23-0x0000000002360000-0x0000000002361000-memory.dmp

Filesize
4KB

Download
memory/2212-24-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/2212-25-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/2212-22-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/2212-20-0x0000000002380000-0x0000000002381000-memory.dmp

Filesize
4KB

Download
memory/2212-26-0x0000000002390000-0x0000000002391000-memory.dmp

Filesize
4KB

Download
memory/2212-27-0x0000000002370000-0x0000000002371000-memory.dmp

Filesize
4KB

Download
memory/2212-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2212-29-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2212-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2212-38-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2212-39-0x0000000000340000-0x0000000000390000-memory.dmp

Filesize
320KB

Download
memory/2212-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2212-9-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2212-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2212-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2212-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2568-43-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2568-59-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-42-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2568-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-53-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-54-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-55-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-56-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-57-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-58-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-60-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-61-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-62-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-63-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-64-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-65-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-66-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-67-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2568-68-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/2568-69-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2568-70-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2568-71-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2568-72-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2568-73-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2568-91-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download