754c40c9e7f9b69574cde44975a98552aba81ae46c71205f86080db7ce220724

Analysis

max time kernel
112s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bdb966b7db0cc4e635668336f8d29b0N.exe
Size

432KB
MD5

6bdb966b7db0cc4e635668336f8d29b0
SHA1

c9761a5577682b6fd277bb1f69f7744c54237410
SHA256

754c40c9e7f9b69574cde44975a98552aba81ae46c71205f86080db7ce220724
SHA512

3dde57dcbf378bdef03b209d4d9877a77cc27c6ec5550adef67a7c8b24c8d2dc248984bd82ce11cc17aa0f534d1ecb5f420eeb684551d1051bdd063beed9b9b0
SSDEEP

6144:O1pLaPZZc6XKADMZ/Mnoo0wToPdL8o/FBohRYSP/6JADD8by0caQiRGjYj:8pA/cgwZ/Moo0wTYoDLSADKP

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1648	6bdb966b7db0cc4e635668336f8d29b0N.exe
1648	6bdb966b7db0cc4e635668336f8d29b0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	6bdb966b7db0cc4e635668336f8d29b0N.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1648	6bdb966b7db0cc4e635668336f8d29b0N.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1648	6bdb966b7db0cc4e635668336f8d29b0N.exe
1648	6bdb966b7db0cc4e635668336f8d29b0N.exe

C:\Users\Admin\AppData\Local\Temp\6bdb966b7db0cc4e635668336f8d29b0N.exe
"C:\Users\Admin\AppData\Local\Temp\6bdb966b7db0cc4e635668336f8d29b0N.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jkiCEA5.tmp

Filesize
261KB

MD5
69cdc3b75327759983c862783ed4da71

SHA1
584e2db71e73635d3770d1a24af23e80c21d1105

SHA256
caf31552253a845b5a19cca3029ee342cd71bcff1d41474d6c9f566ad14a7471

SHA512
a9f228b0523b6228ab95ce544d1eba810dcdd84d6ce1b3a671c1c2f14affa14bf5be4f160d6165b912d8e49c2c7564319487466d94bdfe86440e64fe78e8ec01

Download Submit
memory/1648-9-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-5-0x0000000000390000-0x00000000003D6000-memory.dmp

Filesize
280KB

Download
memory/1648-6-0x0000000000460000-0x000000000046C000-memory.dmp

Filesize
48KB

Download
memory/1648-7-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-8-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-1-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/1648-10-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-13-0x000000000A710000-0x000000000AEB6000-memory.dmp

Filesize
7.6MB

Download
memory/1648-21-0x00000000745DE000-0x00000000745DF000-memory.dmp

Filesize
4KB

Download
memory/1648-22-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-23-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-24-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download
memory/1648-25-0x00000000745D0000-0x0000000074CBE000-memory.dmp

Filesize
6.9MB

Download