f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4

Analysis

max time kernel
141s
max time network
157s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/06/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
Size

1.8MB
MD5

1fede9d10707ca833011f7b0d91ed354
SHA1

a2f7dae42a9820eb04586cfc00fa3b04da8510b3
SHA256

f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4
SHA512

d67a09a2a4dfc9908bec41ffee6b4b5d093ad83bd6717c2ec4aece58774be4d7d490f6aa257e0a97c7de851498a0f7372bb5ce8f4a8b148fe413405827ae206b
SSDEEP

49152:SFgOZmptfWVIzt14YQFgOZmptfWVIztDoop:SFBZm7Hz4YQFBZm7Hzio

Score

9^/10

Malware Config

Signatures

Detects executables packed with Enigma 1 IoCs

resource	yara_rule
behavioral1/memory/2692-0-0x0000000000400000-0x00000000004DA000-memory.dmp	INDICATOR_EXE_Packed_Enigma

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2692	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2692	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
2692	f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe

C:\Users\Admin\AppData\Local\Temp\f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe
"C:\Users\Admin\AppData\Local\Temp\f07972ae72f0f34d6b06dd4dfd59def1a55c58f9a8fe9bb055a1c9f7342c75a4.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb7A42.tmp

Filesize
1KB

MD5
6f4f5bc0564e2d7d8ddab721ba02bb2a

SHA1
e6508404efdd61ab3d82b467100350af43104890

SHA256
8cab792e9dafe8a6a1368152b6b0092ee8a852006682594b1edf09ee532b8e9b

SHA512
a6613c04aa5e0f7926fd3453257234e61a2cbe7ff8f27b112579af0baf227ea9adeb63c4e8365e11c88b512bfdd9387fb24734d89a6ab4c5ba40b7b3ee521a0c

Download Submit
memory/2692-4-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-106-0x0000000000400000-0x00000000004DA000-memory.dmp

Filesize
872KB

Download
memory/2692-3-0x0000000000400000-0x000000000048C000-memory.dmp

Filesize
560KB

Download
memory/2692-0-0x0000000000400000-0x00000000004DA000-memory.dmp

Filesize
872KB

Download
memory/2692-5-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-6-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-2-0x0000000074C0E000-0x0000000074C0F000-memory.dmp

Filesize
4KB

Download
memory/2692-21-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-9-0x0000000008D50000-0x0000000008DAC000-memory.dmp

Filesize
368KB

Download
memory/2692-22-0x0000000008D50000-0x0000000008DAC000-memory.dmp

Filesize
368KB

Download
memory/2692-1-0x0000000077C00000-0x0000000077C01000-memory.dmp

Filesize
4KB

Download
memory/2692-107-0x0000000074C0E000-0x0000000074C0F000-memory.dmp

Filesize
4KB

Download
memory/2692-108-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-111-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download
memory/2692-112-0x0000000074C00000-0x00000000752EE000-memory.dmp

Filesize
6.9MB

Download