0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770

Analysis

max time kernel
111s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 20:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe
Size

431KB
MD5

3d142578c2e528400eb708cb14f37500
SHA1

5454de90020801cc8f620696dc49e110e7e6bc10
SHA256

0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770
SHA512

a447c57932176fcb2077dec3fb2178c0c7ca7518c6f92edfdecf6ad60fe912b14bcc96b293048181e51d855840023625768e6c134d40c526eb2dcf4e70aabeca
SSDEEP

6144:OXpLaPZZc6XKADMZ/Mnoo0wToPdL8o/FBohRYSP/6JADD8by0caQi5YP:+pA/cgwZ/Moo0wTYoDLSADKC

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3016	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe
3016	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3016	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3016	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe
3016	0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe

C:\Users\Admin\AppData\Local\Temp\0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe
"C:\Users\Admin\AppData\Local\Temp\0112eff5a93abf8d3978a955b6c7842af003de651273c0a8cfd6b55884fae770N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\jki7F8C.tmp

Filesize
261KB

MD5
69cdc3b75327759983c862783ed4da71

SHA1
584e2db71e73635d3770d1a24af23e80c21d1105

SHA256
caf31552253a845b5a19cca3029ee342cd71bcff1d41474d6c9f566ad14a7471

SHA512
a9f228b0523b6228ab95ce544d1eba810dcdd84d6ce1b3a671c1c2f14affa14bf5be4f160d6165b912d8e49c2c7564319487466d94bdfe86440e64fe78e8ec01

Download Submit
memory/3016-9-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-5-0x0000000000550000-0x0000000000596000-memory.dmp

Filesize
280KB

Download
memory/3016-6-0x0000000000360000-0x000000000036C000-memory.dmp

Filesize
48KB

Download
memory/3016-7-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-8-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-1-0x0000000074A4E000-0x0000000074A4F000-memory.dmp

Filesize
4KB

Download
memory/3016-10-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-13-0x000000000A870000-0x000000000B016000-memory.dmp

Filesize
7.6MB

Download
memory/3016-21-0x0000000074A4E000-0x0000000074A4F000-memory.dmp

Filesize
4KB

Download
memory/3016-22-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-23-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-24-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download
memory/3016-25-0x0000000074A40000-0x000000007512E000-memory.dmp

Filesize
6.9MB

Download