060cdea5594855264c627181dbfa78dc576ab7643d833aab4856dc87f09aab93

Analysis

max time kernel
141s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 13:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1tv.exe
Size

557KB
MD5

8cb6a77b770657e33efd4b09caab7b0a
SHA1

47bb47a0bd0bbe9eb66ba4b4f30564b980835e52
SHA256

a7aa475d631d59054a3c6ee4e348664c1044f76316b1bd6cff32696d04a81b41
SHA512

52514af3abae53d6fe44608f6b1cdd36b87a6ca88323ee2c8d60e9783eb973c5552d140de66dc683014117a78582126a0a912da57ed55cb37b1b74392ce61d88
SSDEEP

12288:AMAi00JcKpn053TAn8eEU56fTVlHjpE9pGyqc2GlUk+aDoenRq8:P00Jp0588eh5Oja9pGyqcVlN+0

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	1tv.exe
File opened (read-only)	\??\A:	1tv.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1tv.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	1tv.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2012	1tv.exe
2012	1tv.exe
2012	1tv.exe
2012	1tv.exe

C:\Users\Admin\AppData\Local\Temp\1tv.exe
"C:\Users\Admin\AppData\Local\Temp\1tv.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\bcOMKqvTe[1].js

Filesize
33KB

MD5
e2ec36d427fa4a992d76c0ee5e8dfd4d

SHA1
47ec4ace4851c6c3a4fe23ad2c842885f6d973f2

SHA256
36488e81afcbc4d7018b8764c18032b10be21aa45521c9671fde0cc77f70b2d8

SHA512
d1ae29d19f65ce74b9b480c82b87315634ec2e96d199f5feb423918af9ad6e24c8b436e03904d452f71562f04c42acbb250256eed73bcd592a79c08911c74976

Download Submit
memory/2012-0-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download
memory/2012-36-0x0000000000400000-0x0000000000522000-memory.dmp

Filesize
1.1MB

Download