Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-04-2024 20:11

General

  • Target

    2933284d93880b0d97911de67304ba13a223e1da75e4c89049d2b24dfc66cb48.exe

  • Size

    918KB

  • MD5

    9d5f8aa24b4dca9740068761959ee505

  • SHA1

    ba36a41d7a68d83607ae27e005dec49d200c635e

  • SHA256

    2933284d93880b0d97911de67304ba13a223e1da75e4c89049d2b24dfc66cb48

  • SHA512

    06270ccc4de906e83a5b5e6bcf15e1fa85d3a0acae497e9f445fece7bd49d83452929e605fb8d7b573de4781235bcd319d8e0254d808043b402055239e702525

  • SSDEEP

    24576:S2JjIfX15mV3Y4Hn3gvtmfiBQJZKENlnDUl21qLmYUM6:VjI14V3Y4HgmcQJUENRQlyqLm7

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 47 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2933284d93880b0d97911de67304ba13a223e1da75e4c89049d2b24dfc66cb48.exe
    "C:\Users\Admin\AppData\Local\Temp\2933284d93880b0d97911de67304ba13a223e1da75e4c89049d2b24dfc66cb48.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Users\Admin\AppData\Local\Temp\instA.exe
      C:\Users\Admin\AppData\Local\Temp\instA.exe
      2⤵
      • Executes dropped EXE
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\instA.exe

    Filesize

    853KB

    MD5

    d0c3566d43da5b1fc94db94e4a046d73

    SHA1

    b9d33c84b820f6eb363ad9975577630669b53fad

    SHA256

    05478c8fdd3c3fc5d806c7949dced20c7bdf27d92e30b88b7e102c4374d7b5b7

    SHA512

    138a24ee952b09ad8c31ef3dd39d70b265e90d70ad08ca747c9b4a7dd9c11d79568a94aa8459f6f6df36bc8eba5196d588e560a75422ab7a0016b550edbc9af7

  • \Windows\DOWNLO~1\ehelper.dll

    Filesize

    77KB

    MD5

    f55527108daa507c46ea57d5727f5b61

    SHA1

    14dbb91efb91e9e8b8fd26086d60698fdb0ced00

    SHA256

    7b84fb02c2c75d9cd1c7de8fc0c1cd9e3658cc1f3bac1e47638d314483a944c7

    SHA512

    2ec6c50a63ee216ff65904f5418c24a6f2cb3d25c4ebba237f669fc3b644eb52e368ff86203d9f84bd7aa8f67626a309578cf38d833e9aa35a599220d4c37415