2668237c1a68fd907b86c55be4eef5ccb0a3143412185ff2a39b604b7d53b96c

Resubmissions

19/07/2024, 00:12

240719-ag9cystdpq 9

19/07/2024, 00:09

240719-afe3qawfqh 3

19/07/2024, 00:05

240719-ac9sxstcmn 3

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 00:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MediaGet_id57783ids1s.exe
Size

4.6MB
MD5

c6ef97945bcc4fddedeaedc2c64c94f8
SHA1

c31cb62d4768c4c53fc461a480707c51489b950f
SHA256

2668237c1a68fd907b86c55be4eef5ccb0a3143412185ff2a39b604b7d53b96c
SHA512

3ac6687228d452cd83eb8568cb405c4378ce99c24e19ceff245d37b62a991df6f5c4d23c3757ef315f6e07a074a691b8e6b475ccb20c3088468f059592f17606
SSDEEP

98304:wNutFWMmBrPXvNRRChotHEncaQZC7Pa6QLwhtPFUP9fGyXJ:wasMmBrPXvNRw+9Enc0KLwh5hyX

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Internet Explorer\IESettingSync	MediaGet_id57783ids1s.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	MediaGet_id57783ids1s.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	MediaGet_id57783ids1s.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	MediaGet_id57783ids1s.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
100	MediaGet_id57783ids1s.exe
100	MediaGet_id57783ids1s.exe
100	MediaGet_id57783ids1s.exe
100	MediaGet_id57783ids1s.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
100	MediaGet_id57783ids1s.exe
100	MediaGet_id57783ids1s.exe

C:\Users\Admin\AppData\Local\Temp\MediaGet_id57783ids1s.exe
"C:\Users\Admin\AppData\Local\Temp\MediaGet_id57783ids1s.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\Montserrat-Regular.eot

Filesize
314KB

MD5
2dd0a1de870af34d48d43b7cad82b8d9

SHA1
440f4f1fdf17a5c8b426ac6bd4535b8fe5258c7e

SHA256
057bc6c47c47aaccdf31adc48a6b401f6090a02c28e354099eff80907dc2af32

SHA512
83df193ab984037b940876bf6371020b4bb13af74e988abb8ad6a30d48ab6cd9dc5c08937e58abab93278cc85c9d79c373688b2c51c035fdeffed639c933e8ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\preloader.html

Filesize
687B

MD5
a9c237c6645d55240cdda002fef26737

SHA1
8a7f5c4cf2fd1c924dd1ec754b1b4c5f65bdda80

SHA256
0271d97e4e245364c5c52e66d95baf24b3e00c1c8ea6e2b0da59291115cb6087

SHA512
480f28bffb5cb96eaf89f601fbf2de03fc5db04f579108b60de1e5be36ede324fc924f624bc29b42747e96f173a860a6fdbaf6da271b6bffb5b7906d11065555

Download Submit