3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137

Analysis

max time kernel
142s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe
Size

7.6MB
MD5

dcc086ec699227420d52d211a5fb61da
SHA1

f0847b59a8a957fcdcadac36383d1d20eb69e283
SHA256

3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137
SHA512

4480fa78e02243125334c7f3bcbce519e4efb3ef009f4c19e6b379a574694a15274e68d1e50459a8ce9a1108559b4fe603bb73bbf68ac158629e8e8e03f3b576
SSDEEP

196608:fVbwTsOb7j8ydbV3YN3XypCmwtEbezg1gHXrmBGKSVXT:fV4sAXdp3Q3XQ6EOgAXr2W

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2140	3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe
2140	3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe
2140	3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe
2140	3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe

C:\Users\Admin\AppData\Local\Temp\3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe
"C:\Users\Admin\AppData\Local\Temp\3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3acb2ed677f47df39cfefe3d3ab5696d1b4bdbac3876643037938c0a9f3ea137.exepack.tmp

Filesize
2KB

MD5
4156ed8445cb964e4d3d10234396e4d7

SHA1
f8de86fc5eb1097164d8596f8d81f9f90c294097

SHA256
d2ce4c3b3e18f0e4c46098495ae5d693e655c5ed7eb170b4c75b2c471331cdce

SHA512
a5c2e913bda1b2aac5cd58c0b91cdc33cfd857abb7b4a636214fd325c80e46e43006ced5c18076d8ffeabd15dfc25073ab04e38cd1e074a9614b704e2142e4dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\46aff397b52eaa631d07e042b36108a7.ini

Filesize
1KB

MD5
a3d81ec2764212ec32039865e54ffc81

SHA1
a32f410218441849a8da0e77d8ec7300d6b08199

SHA256
52b3d554fe86a954f2ba557334e4efd4f13c6549d8c9b202928db7b238ea449a

SHA512
8fc478cec2ff8336187f19e1e53a5fa5601c4c0001bab8d9567303b3aa87d6d731eb493cdf0c49ffd63ccfe6c2ab821e6b6b973616fb0999a63bcd53e4188ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\46aff397b52eaa631d07e042b36108a7A.ini

Filesize
1KB

MD5
a971b06a6ee40fef3bb35802ab6a392b

SHA1
ec53957c415c8fc644a3c8b98f4a0d9eb2010148

SHA256
f5655344644b192dd6823db1482b2f31df4e3d11d815ae9b8302d6d55b6ac34d

SHA512
4cd5a79681829064fdade4b6c3f77a27bf58b3fdf52575bdcec64ad892e4151de96cbbec3c2ee1de9e12b5ff35a53fead25786916be8a81c6fe2ebb15a5cc1b2

Download Submit
memory/2140-370-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-372-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-0-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-339-0x0000000001EA0000-0x0000000001EB0000-memory.dmp

Filesize
64KB

Download
memory/2140-341-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-342-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-343-0x00000000001E0000-0x00000000001E3000-memory.dmp

Filesize
12KB

Download
memory/2140-1-0x00000000001E0000-0x00000000001E3000-memory.dmp

Filesize
12KB

Download
memory/2140-371-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-2-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-374-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-375-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-376-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-377-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-378-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-379-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-380-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download
memory/2140-381-0x0000000000400000-0x0000000001D05000-memory.dmp

Filesize
25.0MB

Download