42c61a29652a76ca8e6658dd451aaa6db5f7a651b06ff63a021bfee8fd75bfe5

Analysis

max time kernel
92s
max time network
24s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Locker.exe
Size

21KB
MD5

41ac379eaf0c42231d4fc079b75e01d4
SHA1

b055cbb38135778e0c48e67b457a34bea564c908
SHA256

42c61a29652a76ca8e6658dd451aaa6db5f7a651b06ff63a021bfee8fd75bfe5
SHA512

76b9342d97cfac6b6225dd68cd39099920970dee6bff612103336836dbfc5ee9f3d32481db9f0e10a8f8373ba40ad1d53ef005b7da5ff8f8d676e384608d6911
SSDEEP

384:naGLcibc4OamjeJBhE5/S42vHiRpOGg030g2jknQumYLHsNi1JuUrsPdQqpaJDNg:LLkBJRp7g2kk7MorYpaJDy

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main	Locker.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe
1948	Locker.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1948	Locker.exe
1948	Locker.exe

C:\Users\Admin\AppData\Local\Temp\Locker.exe
"C:\Users\Admin\AppData\Local\Temp\Locker.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-0-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/1948-1-0x0000000000160000-0x000000000016C000-memory.dmp

Filesize
48KB

Download
memory/1948-2-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-3-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-4-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-5-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-31-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/1948-32-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-33-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-34-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1948-35-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download