9ed1ea5db3055b2015d11317b42fd012cf2c3becde14349f577e070f2bc16e27

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ItronFCSHelp.exe
Size

16.9MB
MD5

bff90f501255354c42069acb063997da
SHA1

c389e5b7b7702d029e6781814b65d9178f74a472
SHA256

9ed1ea5db3055b2015d11317b42fd012cf2c3becde14349f577e070f2bc16e27
SHA512

2512ce0ce3b7bcff4045e069066b07058b7567ac90f736a92c769f15dd64186f872deb8eaeae6096eb19c8e742b17e52d148d5735345402eb776604f752cc4b6
SSDEEP

393216:fVkJ9Aw69W+gh98zIwA2WWv9QgZq7LUFFNLEN1A:nt9+hmTWXb7QLGLA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	ItronFCSHelp.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe
2952	ItronFCSHelp.exe

C:\Users\Admin\AppData\Local\Temp\ItronFCSHelp.exe
"C:\Users\Admin\AppData\Local\Temp\ItronFCSHelp.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2952-0-0x0000000000400000-0x0000000000A6D000-memory.dmp

Filesize
6.4MB

Download
memory/2952-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2952-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2952-4-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-5-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2952-6-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-7-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-8-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-9-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-10-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-11-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-12-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-13-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download
memory/2952-25-0x0000000077070000-0x0000000077071000-memory.dmp

Filesize
4KB

Download
memory/2952-24-0x0000000077080000-0x0000000077081000-memory.dmp

Filesize
4KB

Download
memory/2952-23-0x0000000077160000-0x0000000077161000-memory.dmp

Filesize
4KB

Download
memory/2952-22-0x0000000077200000-0x0000000077201000-memory.dmp

Filesize
4KB

Download
memory/2952-21-0x0000000077090000-0x0000000077091000-memory.dmp

Filesize
4KB

Download
memory/2952-20-0x00000000770A0000-0x00000000770A1000-memory.dmp

Filesize
4KB

Download
memory/2952-19-0x0000000077130000-0x0000000077131000-memory.dmp

Filesize
4KB

Download
memory/2952-18-0x0000000077140000-0x0000000077141000-memory.dmp

Filesize
4KB

Download
memory/2952-17-0x0000000077600000-0x0000000077601000-memory.dmp

Filesize
4KB

Download
memory/2952-16-0x0000000077640000-0x0000000077641000-memory.dmp

Filesize
4KB

Download
memory/2952-15-0x0000000077150000-0x0000000077151000-memory.dmp

Filesize
4KB

Download
memory/2952-14-0x00000000770B0000-0x00000000770B1000-memory.dmp

Filesize
4KB

Download
memory/2952-26-0x0000000002570000-0x0000000002586000-memory.dmp

Filesize
88KB

Download
memory/2952-28-0x0000000005890000-0x00000000058CB000-memory.dmp

Filesize
236KB

Download
memory/2952-27-0x0000000077120000-0x0000000077121000-memory.dmp

Filesize
4KB

Download
memory/2952-30-0x0000000004360000-0x000000000436E000-memory.dmp

Filesize
56KB

Download
memory/2952-38-0x0000000077170000-0x0000000077171000-memory.dmp

Filesize
4KB

Download
memory/2952-37-0x0000000077180000-0x0000000077181000-memory.dmp

Filesize
4KB

Download
memory/2952-36-0x0000000077210000-0x0000000077211000-memory.dmp

Filesize
4KB

Download
memory/2952-35-0x0000000077050000-0x0000000077051000-memory.dmp

Filesize
4KB

Download
memory/2952-34-0x0000000077060000-0x0000000077061000-memory.dmp

Filesize
4KB

Download
memory/2952-33-0x0000000077610000-0x0000000077611000-memory.dmp

Filesize
4KB

Download
memory/2952-32-0x00000000770D0000-0x00000000770D1000-memory.dmp

Filesize
4KB

Download
memory/2952-31-0x00000000770E0000-0x00000000770E1000-memory.dmp

Filesize
4KB

Download
memory/2952-29-0x0000000077110000-0x0000000077111000-memory.dmp

Filesize
4KB

Download
memory/2952-39-0x00000000775F0000-0x00000000775F1000-memory.dmp

Filesize
4KB

Download
memory/2952-40-0x0000000005C70000-0x0000000005E0D000-memory.dmp

Filesize
1.6MB

Download
memory/2952-41-0x0000000077190000-0x0000000077191000-memory.dmp

Filesize
4KB

Download
memory/2952-43-0x0000000005E10000-0x0000000005E37000-memory.dmp

Filesize
156KB

Download
memory/2952-42-0x00000000771E0000-0x00000000771E1000-memory.dmp

Filesize
4KB

Download
memory/2952-46-0x00000000771A0000-0x00000000771A1000-memory.dmp

Filesize
4KB

Download
memory/2952-45-0x0000000005E40000-0x0000000005E52000-memory.dmp

Filesize
72KB

Download
memory/2952-44-0x00000000771D0000-0x00000000771D1000-memory.dmp

Filesize
4KB

Download
memory/2952-47-0x0000000005E90000-0x0000000005FAD000-memory.dmp

Filesize
1.1MB

Download
memory/2952-48-0x0000000005FC0000-0x0000000006A7A000-memory.dmp

Filesize
10.7MB

Download
memory/2952-49-0x00000000072B0000-0x00000000072E5000-memory.dmp

Filesize
212KB

Download
memory/2952-53-0x00000000770F0000-0x00000000770F1000-memory.dmp

Filesize
4KB

Download
memory/2952-52-0x0000000077100000-0x0000000077101000-memory.dmp

Filesize
4KB

Download
memory/2952-55-0x0000000000400000-0x0000000000A6D000-memory.dmp

Filesize
6.4MB

Download
memory/2952-56-0x00000000770C0000-0x00000000770C1000-memory.dmp

Filesize
4KB

Download
memory/2952-77-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2952-79-0x0000000004110000-0x00000000041BF000-memory.dmp

Filesize
700KB

Download