68af833277016e0badafa620d8e44fe924a0d286fc9c44771f41023f9d1defd7

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-03-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d784ccf577e5a46ce311a3c23f15761f.exe
Size

11.4MB
MD5

d784ccf577e5a46ce311a3c23f15761f
SHA1

6093a2d76d32d6515499f1e85f085360beddca31
SHA256

68af833277016e0badafa620d8e44fe924a0d286fc9c44771f41023f9d1defd7
SHA512

a5c21cd3289ba7c216c8b77288cd6b29755f1d7dc755d6216a63727e92f03d65fe578f05307981c9c6914768951d02461cb7f330b76c7a7e9a6cb2b44c7c9d80
SSDEEP

49152:EQFRHrmQG+yrY+Fr/rcrvrDRHrmQG+yrY+Fr/rcrMrMrgrcrvrDRHrmQG+yrY+FM:EcKUKEKsyEp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2616	rjqx.exe

Loads dropped DLL 2 IoCs

pid	Process
2240	d784ccf577e5a46ce311a3c23f15761f.exe
2240	d784ccf577e5a46ce311a3c23f15761f.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	rjqx.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	rjqx.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2616	rjqx.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2616	rjqx.exe
2616	rjqx.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2616	2240	d784ccf577e5a46ce311a3c23f15761f.exe	28
PID 2240 wrote to memory of 2616	2240	d784ccf577e5a46ce311a3c23f15761f.exe	28
PID 2240 wrote to memory of 2616	2240	d784ccf577e5a46ce311a3c23f15761f.exe	28
PID 2240 wrote to memory of 2616	2240	d784ccf577e5a46ce311a3c23f15761f.exe	28

C:\Users\Admin\AppData\Local\Temp\d784ccf577e5a46ce311a3c23f15761f.exe
"C:\Users\Admin\AppData\Local\Temp\d784ccf577e5a46ce311a3c23f15761f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Users\Admin\AppData\Local\Temp\rjqx.exe
  C:\Users\Admin\AppData\Local\Temp\rjqx.exe -run C:\Users\Admin\AppData\Local\Temp\d784ccf577e5a46ce311a3c23f15761f.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rjqx.exe

Filesize
7.7MB

MD5
23d7e48b58ddbef0cf5788717c41d97d

SHA1
121844de451ef605de8da6eec26e280155486f5f

SHA256
049f4acc0ebdc611d2c6855af5a4eac3a32e1cc33da7b34060fd91e4023c8843

SHA512
d5822ba6441af2aa0107bda45f27afddceea0b150c6650068a8b2610b3913feac48ba03082a246489b6552d2e0c703904f1857282763989d5e63b94bc97f326a

Download Submit
C:\Users\Admin\AppData\Local\Temp\rjqx.exe

Filesize
6.5MB

MD5
4e2598567c3259b6abfdacdd89ceef9c

SHA1
d3833610f8502938819311dd9a4c00d3240e9f31

SHA256
cbb3e88248a5fe7c8f601df488c76f5085ba957ec802b09b4d7de085a62e04dd

SHA512
41ffcd9c6e68665fe8b7626c44b374460972d7681bf1ed4d955de8c04e899b0c5976cf5a0241e7c2ba8692613b5eb5f9b618eacbcc39f3b126f65daf69ba90ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\rjqx.exe

Filesize
7.6MB

MD5
fa6db9d3d69f4051448bd060f15f05c7

SHA1
75c5c5c9553c4177239e3a7b3b956c3340076547

SHA256
28e2a89dd808a917cbfaa99968de60d36500c8e2e101f2aeb4d9ab281dcf0125

SHA512
efe6ade482f897ce1ab485e99c3c8244dd22de5c06701731cf1908ccd54c3226f14bbb320f0db8f81940cb5f99e4811aa57499385e8c9e7312a084c12e0db464

Download Submit
\Users\Admin\AppData\Local\Temp\rjqx.exe

Filesize
9.7MB

MD5
2cd7f83244a27ef6f66e536e29377c51

SHA1
8119b67cf153f5f56ad8fe0fedcdc0c2545021aa

SHA256
2ead4bc570521bf37257ceb56449d25ca96389c912634ec52c7239a5b60c69c9

SHA512
75635a43a690871567f105c7f07db760f65d3da7d37d792f15f62c388a5d864d40ccbd2ae922a58414fa9c33d2c859325be4261bb501e5fa661306c2c0ae7b12

Download Submit
\Users\Admin\AppData\Local\Temp\rjqx.exe

Filesize
8.4MB

MD5
7132caee3021e364304eda096785d2aa

SHA1
856eb913a034a75263793b7121824d692a5aebfd

SHA256
f9f90974f474be42d4d117c60fcf6c2ad73fcd5ba41a0f0ba29448c8b524a3b9

SHA512
23ff83c47316181cdcdb7de8bb3c503d2c308a0e0e3a5aa60c4ee641e06449d3a5024f0d3d2486cdbd5c93da6aa573bb5e87a114314ae9709ab93badf7da86cb

Download Submit
memory/2240-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2240-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2240-8-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download
memory/2240-7-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2240-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2240-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2240-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2240-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2240-2-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2240-19-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

Filesize
4KB

Download
memory/2240-18-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/2240-17-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2240-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-15-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2240-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2240-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2240-12-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/2240-29-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2240-28-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/2240-27-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/2240-26-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2240-25-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2240-24-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2240-23-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2240-22-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/2240-20-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/2240-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2240-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-10-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2240-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-57-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/2240-56-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/2240-55-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2240-54-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/2240-53-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2240-52-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2240-51-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2240-50-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2240-60-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/2240-65-0x0000000001FC0000-0x0000000001FC7000-memory.dmp

Filesize
28KB

Download
memory/2240-68-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2240-70-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2240-69-0x00000000032D0000-0x0000000003406000-memory.dmp

Filesize
1.2MB

Download
memory/2240-1-0x0000000000270000-0x00000000002C0000-memory.dmp

Filesize
320KB

Download
memory/2240-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2240-67-0x00000000032D0000-0x0000000003406000-memory.dmp

Filesize
1.2MB

Download
memory/2240-49-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2240-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2240-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2616-71-0x0000000000280000-0x00000000002D0000-memory.dmp

Filesize
320KB

Download
memory/2616-73-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2616-120-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download