734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8

Analysis

max time kernel
138s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe
Size

2.1MB
MD5

559f586490fcc60b5ba2c9f9295b6128
SHA1

16ea8670793d3d6969ea7804f3761433fcb4fbde
SHA256

734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8
SHA512

db6f00666588d66764e4ceea38e3153d41f9ba710d00da44c69ff49a25246e72b5e6b72f801376985dea46c37a6422629e9c22a05197948ffb3d4c7456d0a89d
SSDEEP

49152:1ohjwSHKHEhhgUKSLwQdfuJLzBCeIQMbkdhoOsbAL:CjRKdL1CLQyohZ

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1800	AdAwareWebInstaller.exe
5104	AdAwareWebInstaller.exe

Loads dropped DLL 2 IoCs

pid	Process
1800	AdAwareWebInstaller.exe
5104	AdAwareWebInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1800	AdAwareWebInstaller.exe
1800	AdAwareWebInstaller.exe
5104	AdAwareWebInstaller.exe
5104	AdAwareWebInstaller.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1800	AdAwareWebInstaller.exe
5104	AdAwareWebInstaller.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1800	2228	734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe	90
PID 2228 wrote to memory of 1800	2228	734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe	90
PID 2228 wrote to memory of 1800	2228	734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe	90
PID 1800 wrote to memory of 5104	1800	AdAwareWebInstaller.exe	97
PID 1800 wrote to memory of 5104	1800	AdAwareWebInstaller.exe	97
PID 1800 wrote to memory of 5104	1800	AdAwareWebInstaller.exe	97

C:\Users\Admin\AppData\Local\Temp\734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe
"C:\Users\Admin\AppData\Local\Temp\734ed653e4aa81325c1773bf92f35861b8c811775a25cd361efcc439f1cbb5b8.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\3c48e6fe-84a8-4c39-a91a-867fbec8f65d\AdAwareWebInstaller.exe
  "C:\Users\Admin\AppData\Local\Temp\3c48e6fe-84a8-4c39-a91a-867fbec8f65d\AdAwareWebInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Users\Admin\AppData\Local\Temp\7979f770-b45e-4a7c-b1ae-52b0301fae64\AdAwareWebInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7979f770-b45e-4a7c-b1ae-52b0301fae64\AdAwareWebInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\adaware\adaware antivirus\Options\UpdateServer.txt

Filesize
27B

MD5
1867c72b167f7eb0c6561f637d5b7930

SHA1
348b65fcdb2f757f34565dc12fef9cc19950634d

SHA256
af5cb6d7ccddb63213ae65b7974e727facb142c3715055d7c88fe9eb782e674e

SHA512
e320052cd2fa3f168b7798ebfb8898e65c0c43e87a4b5c5abc3cd9efddf4e0922e55d287c5c916739aec2c56ab2e48bbcdfce392dc3d664924110a1e587f7031

Download Submit
C:\ProgramData\adaware\adaware antivirus\Options\lang

Filesize
1B

MD5
cfcd208495d565ef66e7dff9f98764da

SHA1
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA256
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

SHA512
31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99

Download Submit
C:\ProgramData\adaware\adaware antivirus\Options\lfp

Filesize
2KB

MD5
691f27629df8576a96db5175352fcc60

SHA1
de23fd4aa310c307cdd455c1d9444c90b229d44d

SHA256
bf560ad7e7b1c57986c91ee24a8543c67a8ab6faeb6aea6e3d10f427805b4002

SHA512
29f31cfd76ed2750efb39288a9a9ea9d86bb9d1f38b54ebefcda56e6253cf4662bb7567e830e77b748889fdce09157423b38b1954a50ba182670354aed073c2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
471B

MD5
869cdb67796fb63c34ba75cff6a15060

SHA1
9f0d77acc90665f2efc30e5c3edff7429ddcb28d

SHA256
267b74cd0a13d88534710fb910595fcdbb411053d0e4da0995723459c0b88ff5

SHA512
c20f4add31f303feb9b8c8356797a3f3340cc723eb4a1cfbd17487373449cec1b27df65d527d9e5ab3b7c1aed65e0323b024f9ff512b1b5026c2bfb09294c004

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EE44ECA143B76F2B9F2A5AA75B5D1EC6_847118BE2683F0C241D1D702F3A3F5F9

Filesize
408B

MD5
be69d19f07f135533ee5e1545e161592

SHA1
088d654bb4ec2d59f4f5a7f9a843d53d7fdfe711

SHA256
82dfead17e861b99601ce005471f1e67c4db97fc764a4d88f27cee5b4acb0d14

SHA512
ba5b8f1086a227cc809228c582262dde7d67ab2214c803402c527794b7d64156312be34117aa640945813b73b7e6e165cb9684e0dcd12adee8f628e41496f7a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\3c48e6fe-84a8-4c39-a91a-867fbec8f65d\AdAwareWebInstaller.exe

Filesize
16.3MB

MD5
9c7cfa356661ed53d2064f8f34b30d81

SHA1
593acabc5eeadd703b357faa6b23e04d5e84dbf8

SHA256
8f6190038b9362ad323b742b508d19f171f73a6f7d4935f035046bfc68441e83

SHA512
3f929274c311561b64141b121819a1dd3701097be92c65886657a68e060323e471f5975fa50d3ab6902bb27df3efae941a249f58dd46ce1b4ca5f097b230c8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\644d28b3-5dca-48bc-bc19-88d198e3d3fd\oemuninstall.dll

Filesize
345KB

MD5
9e9d03eba5414c76278ca0ef2f5c9eac

SHA1
04c03c94e07fa9874f08ddd8f4654a20a177c213

SHA256
891301287d0684a6db142f74ba05647ff4e723acab216d953f0983a69834a4c9

SHA512
fb4bcb7a5951d87d49d45ef551661f6e3dcb9cafd3f3ab145a243a75db646ef0f421bf72860454d8396044fb6d7408fa718f219fe166795d42c7a7c1ace76ac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\644d28b3-5dca-48bc-bc19-88d198e3d3fd\setupdata.dll

Filesize
70KB

MD5
60163de7e86d70b2d5f40596a57a2a20

SHA1
a3ed52f970cb2a9f18184f1f6af03b9b429375fe

SHA256
dfc4e2357afca70ec70f01f0c11ef5d502e9d70d6dd51439fcc4f41b84816691

SHA512
78293e80fc61c573abf70eba0749a3a6713ab01b388db8de09acc2bfbc993e8e1fee5a13d6a595e485a39c98fc0df4e067ecdac627b28599fde4a6a4f40a4953

Download Submit
C:\Users\Admin\AppData\Local\Temp\668ef731-3262-4b21-bd5e-95db1a92e5b1\oemuninstall.dll

Filesize
367KB

MD5
3793291c977c725a44a8cd3c0c205ff5

SHA1
b41a1a7c9cf39e640ceea93f53b1499cf48e6d26

SHA256
76aea9df17367813e93a80ab2e7208f99f52a84a54214860de317fb729d15fa9

SHA512
afd49cd2575c0a147d529b8f20bd1dc7ea313f25b28b10fbf9d6d0c5bdfdcd42ea0fd88570813e755949045f5518c448f1ddb55970578d2554bdd582fa667d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\668ef731-3262-4b21-bd5e-95db1a92e5b1\setupdata.dll

Filesize
70KB

MD5
f4a3f6fedf3701f913d458bd7ac8942c

SHA1
3838b9af3e7da2d45ce1c315571a5d4371bcb0f0

SHA256
3df7885e5fbeb6093c01ea90a66d6e030acacc30bdc0e6b5ab184f6221da8289

SHA512
3bb47018a9f236edf650acb69b0b296ffe832ea8e9e06e8607e4a820716b08935ed1451a085c48c232c8892c52751129fac85f28a4f9fd0daf4604702f63cf51

Download Submit
C:\Users\Admin\AppData\Local\Temp\7979f770-b45e-4a7c-b1ae-52b0301fae64\AdAwareWebInstaller.exe

Filesize
17.1MB

MD5
92add233b0b6107991a13e95a5feeb8e

SHA1
36ac027f6e1dce2a09c1ef54835895aa316e0805

SHA256
67358074a49addf9836c1b8d75f59460fa62ded89c13dc12b5c2342764a7cfc8

SHA512
6140339c2ba62aad96659be76c58b13f080fb4a056760766c43fef26ad4255f3223dd85942956555a47222e216e04e8e47de45fbce523815f74190df6bdfa44f

Download Submit