1463d442219e986fa41bdd13d0da2d51a629623ee75d1bb2ac103201533fa7aa

Analysis

max time kernel
136s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4abeb6c2c89a005f16b4c6a92fe82f9.exe
Size

460KB
MD5

d4abeb6c2c89a005f16b4c6a92fe82f9
SHA1

1636b01cd057402a1d594eb685d04aa1a49f3e5a
SHA256

1463d442219e986fa41bdd13d0da2d51a629623ee75d1bb2ac103201533fa7aa
SHA512

b8b3dd5c8e989ed1c518c44df83f4a1a6cd748a44a558bed4372638037ff87c7d8b558f1e3aa2638c2e8a26a3f073b851ba42701ca368b1eabc6bea59023a9e0
SSDEEP

6144:UXP2VguYIgrGRq6t2BfkXws/ZDNmSEk/UnOJtxw051M6Jp/+hTg8cdlbv6lYP:qkgrL6qMgs/NNSksnOfx55/aG6q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2336	ondkbntwcokx.exe

Loads dropped DLL 2 IoCs

pid	Process
880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe
880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000\Software\Microsoft\Internet Explorer\Main	ondkbntwcokx.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2336	ondkbntwcokx.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2336	ondkbntwcokx.exe
2336	ondkbntwcokx.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 2336	880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe	28
PID 880 wrote to memory of 2336	880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe	28
PID 880 wrote to memory of 2336	880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe	28
PID 880 wrote to memory of 2336	880	d4abeb6c2c89a005f16b4c6a92fe82f9.exe	28

C:\Users\Admin\AppData\Local\Temp\d4abeb6c2c89a005f16b4c6a92fe82f9.exe
"C:\Users\Admin\AppData\Local\Temp\d4abeb6c2c89a005f16b4c6a92fe82f9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:880
- C:\Users\Admin\AppData\Local\Temp\ifoxleoodbnfvoh\ondkbntwcokx.exe
  "C:\Users\Admin\AppData\Local\Temp\ifoxleoodbnfvoh\ondkbntwcokx.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ifoxleoodbnfvoh\parent.txt

Filesize
460KB

MD5
d4abeb6c2c89a005f16b4c6a92fe82f9

SHA1
1636b01cd057402a1d594eb685d04aa1a49f3e5a

SHA256
1463d442219e986fa41bdd13d0da2d51a629623ee75d1bb2ac103201533fa7aa

SHA512
b8b3dd5c8e989ed1c518c44df83f4a1a6cd748a44a558bed4372638037ff87c7d8b558f1e3aa2638c2e8a26a3f073b851ba42701ca368b1eabc6bea59023a9e0

Download Submit
\Users\Admin\AppData\Local\Temp\ifoxleoodbnfvoh\ondkbntwcokx.exe

Filesize
7KB

MD5
89c976f01a0ceacaa0a7cb71932fccd7

SHA1
06939f38267366dbfbb2576c1582fa4ededa6279

SHA256
c6a4a50e1fdcd77b67f06e35ae70280b3d1ef5e83e60df30175d0a71e165f89f

SHA512
f0bf8ed1945840b3cd8dbfc21e90dd9426796bf8bfae766fb00812e41045e800b80adebca7ad597605ec3ada778c3791acf297d7bafb0445c1a11895b4ce900f

Download Submit
memory/2336-16-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-9-0x0000000002100000-0x0000000002144000-memory.dmp

Filesize
272KB

Download
memory/2336-12-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

Filesize
9.6MB

Download
memory/2336-14-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-13-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-15-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-10-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

Filesize
9.6MB

Download
memory/2336-11-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-23-0x0000000020D10000-0x00000000214B6000-memory.dmp

Filesize
7.6MB

Download
memory/2336-28-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-29-0x000007FEF5B50000-0x000007FEF64ED000-memory.dmp

Filesize
9.6MB

Download
memory/2336-30-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-31-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-32-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download
memory/2336-33-0x00000000004D0000-0x0000000000550000-memory.dmp

Filesize
512KB

Download