bae223bf684420bf6db0b96124cf5659706cb24ff9f6a5e12977eab9b448688b

Analysis

max time kernel
142s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 16:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de70357e6ce05924ca36659f1da1de01.exe
Size

11.0MB
MD5

de70357e6ce05924ca36659f1da1de01
SHA1

b84a74b5472d8d1382d95c0e75cdecaacc224f6f
SHA256

bae223bf684420bf6db0b96124cf5659706cb24ff9f6a5e12977eab9b448688b
SHA512

4612bfcbe7f32f6a31f6f267d72d4f3e1a699d680c99189c6d3057de71f8ef9a53ab92c77d473e31ae7117f75a5a6f039b5514c417f1c3aaf1a291dd01e10b59
SSDEEP

49152:EQFRHrmQG+yrV2FhrV2FUQG+yrV2FIFUYsrV2CrV2FhrV2FUQG+yrVL0Fhr5rV24:EcKQ1HK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2096	n.exe

Loads dropped DLL 2 IoCs

pid	Process
1948	de70357e6ce05924ca36659f1da1de01.exe
1948	de70357e6ce05924ca36659f1da1de01.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main	n.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2096	n.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2096	n.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2096	n.exe
2096	n.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2096	1948	de70357e6ce05924ca36659f1da1de01.exe	28
PID 1948 wrote to memory of 2096	1948	de70357e6ce05924ca36659f1da1de01.exe	28
PID 1948 wrote to memory of 2096	1948	de70357e6ce05924ca36659f1da1de01.exe	28
PID 1948 wrote to memory of 2096	1948	de70357e6ce05924ca36659f1da1de01.exe	28

C:\Users\Admin\AppData\Local\Temp\de70357e6ce05924ca36659f1da1de01.exe
"C:\Users\Admin\AppData\Local\Temp\de70357e6ce05924ca36659f1da1de01.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\n.exe
  C:\Users\Admin\AppData\Local\Temp\n.exe -run C:\Users\Admin\AppData\Local\Temp\de70357e6ce05924ca36659f1da1de01.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\n.exe

Filesize
211KB

MD5
c069f0845916707d4f2b44f5cc13bf11

SHA1
ee0553d33439ad60219b9053b90f5bb0d15e8db5

SHA256
d55452530846bd3ae19bdcea38b0b050cbfa6855ee99de715f752dd3d795f72a

SHA512
a3786ef753ac55eacaee8bfc9ffd26e813ab682b10b173d9b803c77c869935c4181b084f7d5d7e0988d91d42f9069dc9b2641e7f2edca49f54caa352b0e983b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\n.exe

Filesize
327KB

MD5
b54e09346b3dd4b4d7585eae686151e5

SHA1
790a4f0e58068407d55f3722a7921a05f6708cf2

SHA256
9ee18f7b79a6bdb48c4fa82dfb66fb9831d98cbf054640cade637d54c3829dcc

SHA512
f5530d9c133b1dcb31f4eec94c6a08fba668ff5d965071c498cfb746cdd4cc58d58316604af44a80cd895feadde398a10e13cf4cbaaa980d9ca84e49fdff37ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\n.exe

Filesize
206KB

MD5
573abea3a11c82f1080564e20da7c903

SHA1
4ebe1000b4bc56765cf7e0ce4e7525079da454ad

SHA256
cc4fe8a1916b18e1c4ed28a5141541e5dbcd47aaa27cb459f5d655f2513ea1f6

SHA512
aab295b99088319a85d00ae65bafd384c9ecb4a2c6508b998dcf44b4b2246f0770df2ff24cb50ac2216dfb5831cbb21d8a58874da1bce98c73cf6355fd3f5bdb

Download Submit
\Users\Admin\AppData\Local\Temp\n.exe

Filesize
488KB

MD5
3a0c3af8b659837703a297d6b01792c1

SHA1
48f9047d9f17899c0638d9d36afdb1e5a8ac71e9

SHA256
9d5f4dd282a891989b65b20c0a48ce14b3e7c4035da41491a2da9d6f6e4347cf

SHA512
e6887268d93dd7fd4ad0ddcab08236637c356160f61ef930cb6172091733c38dd6b4f359c51dc40f8078bbb9f2812787777f8806b1ff6fb3ddd8b758b81e1938

Download Submit
\Users\Admin\AppData\Local\Temp\n.exe

Filesize
181KB

MD5
1a5d769b856c63620796b086f114d8fe

SHA1
822edec384f540e63c68fcc3e9120466dca06896

SHA256
a6fcdcfe3b933ef39be2e35443cebc3dea9496ac76aafcce856a10e9e9a29c8e

SHA512
afbe6aaf7a32a24f323a3b79756e4122d1dd21bffc433d97c7d238a38105a55655155f68a5bf9a9735fe10b2b00e731c73cc868625dcc11e9c479c8b8ef4c782

Download Submit
memory/1948-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-7-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/1948-6-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1948-5-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/1948-4-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1948-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1948-1-0x00000000002F0000-0x0000000000340000-memory.dmp

Filesize
320KB

Download
memory/1948-18-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1948-17-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/1948-16-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1948-15-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/1948-14-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1948-13-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1948-12-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1948-11-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/1948-26-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/1948-25-0x0000000001EA0000-0x0000000001EA1000-memory.dmp

Filesize
4KB

Download
memory/1948-24-0x0000000001E60000-0x0000000001E61000-memory.dmp

Filesize
4KB

Download
memory/1948-23-0x0000000000890000-0x0000000000891000-memory.dmp

Filesize
4KB

Download
memory/1948-22-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/1948-21-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/1948-20-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/1948-19-0x0000000001E90000-0x0000000001E91000-memory.dmp

Filesize
4KB

Download
memory/1948-28-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-27-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/1948-10-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/1948-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-8-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/1948-9-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/1948-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-62-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1948-66-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1948-65-0x00000000002F0000-0x0000000000340000-memory.dmp

Filesize
320KB

Download
memory/1948-64-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/1948-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-61-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1948-2-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1948-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/1948-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1948-54-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/1948-53-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/1948-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2096-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2096-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2096-70-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2096-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2096-69-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2096-68-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2096-175-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download