159a43318fc1e30622f9851a58e437114a925b4bf734340879dc59387a11debd

Analysis

max time kernel
30s
max time network
6s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04-05-2024 15:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updater.exe
Size

845KB
MD5

f7ea17cd71f263659d0ee0b82a95fbaf
SHA1

ccca2055f846ca2d7f9e7e25b598630ac2e4e96a
SHA256

159a43318fc1e30622f9851a58e437114a925b4bf734340879dc59387a11debd
SHA512

fb956b7a3fb29c5119f34cfc0d1eea9ddf8e124a90ad0a7c2cfb3b0c2366308ee927e62dda534230bc1f3c91ee41cf7833573ca0969662b3295a552a6eee1735
SSDEEP

24576:lq3ZxrxkruJX5ybziv1jv5rjpQYbHfPwQ2qlZBM:lq3ZxryqJWzih5rt9P

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-293923083-2364846840-4256557006-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	updater.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-293923083-2364846840-4256557006-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\updater.exe = "11000"	updater.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3084	updater.exe
3084	updater.exe

C:\Users\Admin\AppData\Local\Temp\updater.exe
"C:\Users\Admin\AppData\Local\Temp\updater.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads