afec8658ff5e5d67a16bb8c28cdf9f78f502f7610915f078f675a70d22264961

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/04/2024, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3DP_Edition_v811_(CrystalAC97_wdm_eng).exe
Size

2.0MB
MD5

f7adbce54c4ca1776174186019a17041
SHA1

1150c4ae982ed8093376e945f75235e7992448c2
SHA256

afec8658ff5e5d67a16bb8c28cdf9f78f502f7610915f078f675a70d22264961
SHA512

3c034eb1a051615750e246542957827b52cc0a251efd775bcccfe85a5e4a8cba54ba8119cb359877347d47f82c7b2324f932dac6f193915ee59064ee25ad4aad
SSDEEP

49152:C8OfnyhTQADuQ2vY2nuTq1lPH3Gwea2X12ziBa8TcwMbXjEK+L0/EMdmC7nZS:gfny2kuCqfHhenl2eg8TcwI7s2mEM

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-778096762-2241304387-192235952-1000\Software\Microsoft\Internet Explorer\Main	3DP_Edition_v811_(CrystalAC97_wdm_eng).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2300	3DP_Edition_v811_(CrystalAC97_wdm_eng).exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2300	3DP_Edition_v811_(CrystalAC97_wdm_eng).exe
2300	3DP_Edition_v811_(CrystalAC97_wdm_eng).exe

C:\Users\Admin\AppData\Local\Temp\3DP_Edition_v811_(CrystalAC97_wdm_eng).exe
"C:\Users\Admin\AppData\Local\Temp\3DP_Edition_v811_(CrystalAC97_wdm_eng).exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2300-9-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download