Analysis
-
max time kernel
118s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
26-08-2024 08:47
General
-
Target
266e2b54a3c5f954287acfc4f78b8ce0N.exe
-
Size
1017KB
-
MD5
266e2b54a3c5f954287acfc4f78b8ce0
-
SHA1
feefc7929b0289b0e1a0c9d6c1130f99d692cace
-
SHA256
902d031274b4361ae409d4dbca89951f2ee2d27a06fb645dba31b4d95ec3cb26
-
SHA512
549d8047d0a1c6c90c5aaf39ff69716160837632f89f064ce3c9aeb3991c84f0b0bc808b47830b5096e698f8c0422b7d14c6cec06ff3fa022047bc7c77a0f932
-
SSDEEP
12288:rjfoMXG5cpFKksKwPsVY3Ymfp2GJwJSHB8GM0T4TD+Yks/0g3yfd3k94g6cQ:rjuy2dsUZJO8B8pD+Yb/M3Eb6f
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
-
Loads dropped DLL 4 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Program Files directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Suspicious behavior: EnumeratesProcesses 30 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 3 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
-
Suspicious use of WriteProcessMemory 28 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0n.exe"C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0n.exe" C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Adobe\acrotray.exe"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\acrotray.exe"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files (x86)\Adobe\acrotray .exe"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\acrotray .exe"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\266e2b54a3c5f954287acfc4f78b8ce0N.exe"4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2808 CREDAT:603141 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.0MB
MD57cd1400c92aff28cc9c0f32886cab086
SHA10e9735dbf2870b0b4b617183015bc11334539418
SHA25692d07128995f5194452b6f6344811755f1e167c535e4cf11bdafb3c88f158e5e
SHA512c20aea8947b9ce1dd368ce461f97edb99089f13f2514d487895b3acd70e2463ab7dccca19e0634ddbf57f675d6c7a5c4f4bdf77900baa790b333344d3429cc56
-
Filesize
1019KB
MD507349510791a3c2d0873e49e07dcd3a0
SHA1aed13f243d3b825ee96a332e0cb9ecf240c605c7
SHA256424729b2c16bed0e1a89330e7964c9802e33497f7c6c3789366de8f4dbc15c50
SHA512ca37aac216f2b004e251c40fe51db2e2caefb925401db6441265a0711d47580044418bb69fab8e452935bdcfb127b25ae0e3cf085efccc14d31daa097321cdf3
-
Filesize
342B
MD5b1b5f93beba4be4532af1c7ea547e3ca
SHA1270a914e7abb86b9a8d6b3d1f845108312d0efc5
SHA2560ab6624df204146b07a69cae1ad43e15b17cb81c296f233243200a010fd2bdcd
SHA512d0c3eb92abfc59490e70fd457b732f175b37d38698fe798c5d725252ecf3d2895ec302a5f970e5cf8cb4153bf2b72596e292729ae79742f56803544099a13c1f
-
Filesize
342B
MD595133af5881181b46046cbcc21f315e5
SHA16c4be35e77b1389cc26482cf026b3a79eef65763
SHA256f18e7ffcd304b28ebc64166a5d46bcd50d255ce3b057df44fac817604e1536a1
SHA512dcbdb893c29efe9bc1b6b067a71930ba6fc53e9b02c0c1edcb9be8b3ab8ca24b72ac34f48097ea6991288259621f6ff126b2fbdb2179104b72b220d323bd3061
-
Filesize
342B
MD51427f0790e4fe4aaf4ed936c9aaf519d
SHA115380d3514bfe5299af4e46619d179bdb8652c87
SHA256f268a1943a53397c7eae9e93a804f3329e624fe3172c0dbc65cded04e7af833f
SHA512f78b10cef53f837623cc2962a7d985a1da3abc93e36d776dffe945c314de46692e6798cc2e1d5df642a84bd866dd76f9083dfd0f14d0b60e541ab0a095052b2b
-
Filesize
342B
MD59092efd29d8fe9af29f60d24a720da79
SHA139c17694de46cc2059e8c4efb2d2126be335be1b
SHA256211540f7081f127dcf88000aa783a0b86b74d2d136648e214218d4b486be2204
SHA512663dd6804096ce8427cc126babcf34a34f137267eeec0e9c99af6f9c2e5fc9063b538d8371f57f4e1074186894b00a780b8497f69f528ccc339f12dd8752ef69
-
Filesize
342B
MD5592e426e0c7209c521d68d0e2f195bf0
SHA132a7d416b5caf0ba8f0cb8ae5ca94ee456bfecde
SHA2560e34204101544ab5c85f169154b7bfd98dc19187df512748479dea3a2eb01f6b
SHA5125384e32ed544aed05696cf9373d0561b903d7f11ce7aab2c9cd92980867fef493fad3307de0ffd4be8ad4d191ceb1e7d08cb6284dfef88bfab2393483e8fb334
-
Filesize
342B
MD55f7f3955f6b9e8dda3f096b74d79f1b5
SHA13203ee0d0ede36cf23792d4005454811a336616e
SHA2565249637f3e9266ddc88814886de07de4eb068525746112e4ba7cdffca6617139
SHA5120686b8727af0174eae02626aa6bae04605fe7d8212280eb034e764a8e87634a4264b8bc23ccd0f3aa97704824d20ba309609a6293175099b24dc939050358a0b
-
Filesize
342B
MD5d850f72bb2754ac05e1dae3065156c0d
SHA1fc14a6093080514bfd32e89f419472eebbab5e36
SHA2564cc91ccd647f69547c455b6e6d686c13892e79b44794d859dc1c3c6db9e67734
SHA51271f646a7d576121232ac2a1e7cedea0fa5dfd889e473d255fa71435b1a8c3990a25e3f4d20b292fe004067f86c71ca54d88d22bdbbdf37a142efc0e53e57b12a
-
Filesize
342B
MD52f3ec1c7a5b90709fd3d251247cdb3ca
SHA19458fe23c4a6d2728d472f9ba6babb0d523bac7c
SHA2567fcb00301548b757e3187517a5e3300aa3464672462725239a8ac55baceafe64
SHA5122df16535766504d9b883998633a66d7ceb11ac487f8afb0032caa5073f41b72709ce1b0b1804fe16deae52588bbcc88342f0638ff0cbea2f9426f47b89d41d88
-
Filesize
342B
MD51e5a77e1b2ec1d51b49bc7f567fcc3b2
SHA194850855def775bdaec5b78545a07479088b7a4f
SHA256fc8ca07ef26bfe314534c1f5ca93b430e5e1fb132bef5c2fbf72d247baf046b7
SHA512ca5cb63aea373c913ea2fd656cf9fb908dbcb1baa362a98bb42002eeb0e311ba146d7d437a551885794f5c6b6b1097481e3fc6744d1824101fa5ec42c506f7c9
-
Filesize
342B
MD5ce4e14270a9b754d085f320ab7de8c40
SHA1360fc00df81208e0fe837163becfdd2a5fb3c7fc
SHA256a7bec4229b656ef72a562bf5d3bcd745e78b639490db81d262fe1c3ac49f7fcc
SHA5122485ae0140d3de485a3a69df9f6f00dea5bf6734d35e4eaf1682efef1a5ae5bdf172d0537fee04e3d4e0662810be23dfb822623842dbd9ba568e662738137123
-
Filesize
342B
MD5896105c4fed78b180df9c48bcf0a6df8
SHA136621fa9ddef9ea809834c49c784fd57dc26d64c
SHA2563f72163c9a9ddb557e8b8179619f62418f8f07a50e631d12d2af0aa63136ad8a
SHA512d9b31319dfbb75542f91404192b583d2f78be3a67617015c14f8c91b35bb210d2d345f5d9a62fb4383f9da1f290f61ca6e5933e994accb7d1de441a40bd08486
-
Filesize
342B
MD580d38d768fda8da7d0ccd11a3ff69ee7
SHA19f7ddc049e870cdc6eaafafe6eac107eb6511294
SHA25636d1b8999f9fbefa50c30689194ec519cc43e5e5c08c3e6b4e82be0cceb94c92
SHA51234eabc40200faa4e1fa70236c7b928b49f7ecb25efd9542495369ec9dcdf1a630b0e18c1d4bb29a610d457e758d5e9c29fbb72a4fd118d5fd537c60a86ae0e82
-
Filesize
342B
MD519cc4fd6d76e0087a36d1ff5bb238230
SHA1bca0565264b1fb82f97307a51895057c8e767ee9
SHA256a3d824db4d3ad534126bcaa00580ae23ba3d5d8b65fb74dfa9fbe750c50687d8
SHA5129101ce5b1feb86b743f47a6160b4afc17ceb7c4dcd4269cb87c67703d603933fe88d9794155473d862cd6ba57412dd1c37990f4dd6408ba16b0d449a0d77306f
-
Filesize
342B
MD5ecc0996acc596d57b63e3528f5a13570
SHA1668b4729c96a0767c9e00b70dea29329d921e36a
SHA256009b1c41fe5ba276b037a4e2a696b1978fa085bbc8de9be602b913dec680563f
SHA51258895df4a414b3a0bf3e4c26e4f823f91284ca9cc4fb380cb18dd2258dda582570ecc146953534d6e0d70f0a3763db46ef3bea4910f3c095eba49a07102a0b23
-
Filesize
342B
MD505e4be6f3fca345dd2e4272af8dffe23
SHA1d5c82e2e65d443c67051d66b2ff122a09f278d31
SHA2561d381443c4b846e66829538641a967991c40f88657ea10050fd82aa50eb7d028
SHA512981b39ce4106a5cca159be09905e89c6ae5728b8922987b667430f49d92bc543f8ad49071b39d3624d75ba393665478e448e389e545a3396c3dfc4d2b00d83f6
-
Filesize
342B
MD5ccc4757fe9703b1b5e3a72520ada9db9
SHA19caffb8e5885937d5511ff5c7aa98cbbaa69f735
SHA256a5b1972d27cb81b1422d257441782865c6509c4bcd91c7642673605e5a978d96
SHA5120811103b613447659ae64426bcdf34b29f97dbeea70e503225bb0e9e5ee2b223046338d98fca68276764ad5ab8b5e12089f3e2d3ec3b5a7e984a4671879d1cf7
-
Filesize
342B
MD54ae3c1215ef878712a97c1c9aa221746
SHA1eb00b290558febcdbb31ca4143200ddd46103a56
SHA256cd98cffd8a886b06c07762cdf6bd27cf936fd5bb3e719818049dd6470d1fa0e0
SHA5128a5e3e55e7099a7b58ff7304fb0afa2a502e67f438e7bfed1667b296fa6572e32f7e04e22bc5fdd249b2b355353b7afbbb53399d2c0adc14091427d2c3eddfc0
-
Filesize
342B
MD5a1c9636c59ffe138c5527ef5fd27b790
SHA17f5953e5b2f5ae02495dbbdae044ffad167057f8
SHA2569a8d65074d37bed011d9a9100c8f1e56adc51e11cbc2a90b322d1d938b9b669e
SHA51206e6b67e87da39cca21452a5cec722d53ad39c77e8015036deefea61431283ed69b256bbbe17c4c0025faaa000c936613a93b38bbfa7f4b39cde758577c7c4d9
-
Filesize
342B
MD59efe9f8fce712719bda05c1f4eb226fa
SHA1a0aa034460ce3c7bfe58a03d362c015fbe0e8bff
SHA2561196a86921406f669861399fba384f8e795e6a9585ec909ddb58f47393863341
SHA512511e812c54ae0bf1658cd07d9d072695af0a9340e9feb7dc910dda96ef8cc1b85750a81ac63bfd391c7c25ec1ee1677fbc101ae452265b1aab942c75f1725102
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
8KB
-
Filesize
64KB