734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8

Analysis

max time kernel
79s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe
Size

2.1MB
MD5

559f586490fcc60b5ba2c9f9295b6128
SHA1

16ea8670793d3d6969ea7804f3761433fcb4fbde
SHA256

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8
SHA512

db6f00666588d66764e4ceea38e3153d41f9ba710d00da44c69ff49a25246e72b5e6b72f801376985dea46c37a6422629e9c22a05197948ffb3d4c7456d0a89d
SSDEEP

49152:1ohjwSHKHEhhgUKSLwQdfuJLzBCeIQMbkdhoOsbAL:CjRKdL1CLQyohZ

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
8	AdAwareWebInstaller.exe
4892	AdAwareWebInstaller.exe

Loads dropped DLL 2 IoCs

pid	Process
8	AdAwareWebInstaller.exe
4892	AdAwareWebInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
8	AdAwareWebInstaller.exe
8	AdAwareWebInstaller.exe
4892	AdAwareWebInstaller.exe
4892	AdAwareWebInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
8	AdAwareWebInstaller.exe
4892	AdAwareWebInstaller.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 8	1576	SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe	90
PID 1576 wrote to memory of 8	1576	SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe	90
PID 1576 wrote to memory of 8	1576	SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe	90
PID 8 wrote to memory of 4892	8	AdAwareWebInstaller.exe	95
PID 8 wrote to memory of 4892	8	AdAwareWebInstaller.exe	95
PID 8 wrote to memory of 4892	8	AdAwareWebInstaller.exe	95

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4662.20461.1147.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\Temp\6fa38752-112d-4346-902d-79c558ce6fba\AdAwareWebInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\6fa38752-112d-4346-902d-79c558ce6fba\AdAwareWebInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:8
- - C:\Users\Admin\AppData\Local\Temp\5f728887-dc92-4053-bf24-55e7fe37213d\AdAwareWebInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\5f728887-dc92-4053-bf24-55e7fe37213d\AdAwareWebInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\adaware\adaware antivirus\Options\UpdateServer.txt

Filesize
27B

MD5
1867c72b167f7eb0c6561f637d5b7930

SHA1
348b65fcdb2f757f34565dc12fef9cc19950634d

SHA256
af5cb6d7ccddb63213ae65b7974e727facb142c3715055d7c88fe9eb782e674e

SHA512
e320052cd2fa3f168b7798ebfb8898e65c0c43e87a4b5c5abc3cd9efddf4e0922e55d287c5c916739aec2c56ab2e48bbcdfce392dc3d664924110a1e587f7031

Download Submit
C:\ProgramData\adaware\adaware antivirus\Options\lang

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\ProgramData\adaware\adaware antivirus\Options\lfp

Filesize
2KB

MD5
691f27629df8576a96db5175352fcc60

SHA1
de23fd4aa310c307cdd455c1d9444c90b229d44d

SHA256
bf560ad7e7b1c57986c91ee24a8543c67a8ab6faeb6aea6e3d10f427805b4002

SHA512
29f31cfd76ed2750efb39288a9a9ea9d86bb9d1f38b54ebefcda56e6253cf4662bb7567e830e77b748889fdce09157423b38b1954a50ba182670354aed073c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
471B

MD5
869cdb67796fb63c34ba75cff6a15060

SHA1
9f0d77acc90665f2efc30e5c3edff7429ddcb28d

SHA256
267b74cd0a13d88534710fb910595fcdbb411053d0e4da0995723459c0b88ff5

SHA512
c20f4add31f303feb9b8c8356797a3f3340cc723eb4a1cfbd17487373449cec1b27df65d527d9e5ab3b7c1aed65e0323b024f9ff512b1b5026c2bfb09294c004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
408B

MD5
8cb66d33adeb1628e6c816f4ed694870

SHA1
ea0ad279fb452c187afd0e641e3f041cd939989a

SHA256
d3489d2e7d8f4f989b328a80e62257064d5d31a3eb8b60b57f7a8f2ed00bd08d

SHA512
de6ac5ae3be60f5d982219f0cc722a6551d21ec63d74f911463fd1a05e22fc99456840d588b047cfea44202ba2ab90d7ea372a321465de82ed0baa9ab137e1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\237606bb-d98b-4be2-8c70-ba7ab9622f1d\oemuninstall.dll

Filesize
345KB

MD5
9e9d03eba5414c76278ca0ef2f5c9eac

SHA1
04c03c94e07fa9874f08ddd8f4654a20a177c213

SHA256
891301287d0684a6db142f74ba05647ff4e723acab216d953f0983a69834a4c9

SHA512
fb4bcb7a5951d87d49d45ef551661f6e3dcb9cafd3f3ab145a243a75db646ef0f421bf72860454d8396044fb6d7408fa718f219fe166795d42c7a7c1ace76ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\237606bb-d98b-4be2-8c70-ba7ab9622f1d\setupdata.dll

Filesize
70KB

MD5
60163de7e86d70b2d5f40596a57a2a20

SHA1
a3ed52f970cb2a9f18184f1f6af03b9b429375fe

SHA256
dfc4e2357afca70ec70f01f0c11ef5d502e9d70d6dd51439fcc4f41b84816691

SHA512
78293e80fc61c573abf70eba0749a3a6713ab01b388db8de09acc2bfbc993e8e1fee5a13d6a595e485a39c98fc0df4e067ecdac627b28599fde4a6a4f40a4953

Download Submit
C:\Users\Admin\AppData\Local\Temp\58f64988-a2fe-415e-bcc8-b160465c42ff\oemuninstall.dll

Filesize
367KB

MD5
3793291c977c725a44a8cd3c0c205ff5

SHA1
b41a1a7c9cf39e640ceea93f53b1499cf48e6d26

SHA256
76aea9df17367813e93a80ab2e7208f99f52a84a54214860de317fb729d15fa9

SHA512
afd49cd2575c0a147d529b8f20bd1dc7ea313f25b28b10fbf9d6d0c5bdfdcd42ea0fd88570813e755949045f5518c448f1ddb55970578d2554bdd582fa667d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\58f64988-a2fe-415e-bcc8-b160465c42ff\setupdata.dll

Filesize
70KB

MD5
f4a3f6fedf3701f913d458bd7ac8942c

SHA1
3838b9af3e7da2d45ce1c315571a5d4371bcb0f0

SHA256
3df7885e5fbeb6093c01ea90a66d6e030acacc30bdc0e6b5ab184f6221da8289

SHA512
3bb47018a9f236edf650acb69b0b296ffe832ea8e9e06e8607e4a820716b08935ed1451a085c48c232c8892c52751129fac85f28a4f9fd0daf4604702f63cf51

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f728887-dc92-4053-bf24-55e7fe37213d\AdAwareWebInstaller.exe

Filesize
17.1MB

MD5
92add233b0b6107991a13e95a5feeb8e

SHA1
36ac027f6e1dce2a09c1ef54835895aa316e0805

SHA256
67358074a49addf9836c1b8d75f59460fa62ded89c13dc12b5c2342764a7cfc8

SHA512
6140339c2ba62aad96659be76c58b13f080fb4a056760766c43fef26ad4255f3223dd85942956555a47222e216e04e8e47de45fbce523815f74190df6bdfa44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\6fa38752-112d-4346-902d-79c558ce6fba\AdAwareWebInstaller.exe

Filesize
16.3MB

MD5
9c7cfa356661ed53d2064f8f34b30d81

SHA1
593acabc5eeadd703b357faa6b23e04d5e84dbf8

SHA256
8f6190038b9362ad323b742b508d19f171f73a6f7d4935f035046bfc68441e83

SHA512
3f929274c311561b64141b121819a1dd3701097be92c65886657a68e060323e471f5975fa50d3ab6902bb27df3efae941a249f58dd46ce1b4ca5f097b230c8f2

Download Submit