ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe
Size

14KB
MD5

fa160459eb99fd1fe050db9b207b0a7b
SHA1

c60a601d7fc9d4cad19d2d7bb412e4f42bc6bdbb
SHA256

ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e
SHA512

83e8ab164b9e7d6a60991847d68281fbd44208e25290619e14ae10e58d846898e29c7ac243fe2f5751420404279326c9754de88d166aec91bdaf5ce28baac25f
SSDEEP

384:SFtI3DnrYVAky6mdMPqKj8jZ9nB25gkOYBS:SFtGky6md6tj+kd

Score

3^/10

discovery

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1216	3664	WerFault.exe	81

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.master69.biz?681"	ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

C:\Users\Admin\AppData\Local\Temp\ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe
"C:\Users\Admin\AppData\Local\Temp\ea07bdce9caec7100215a36e9adbe189ec0f1bacfda7fd88e27295e88b17ba4e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
PID:3664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 1300
  2⤵
  - Program crash
  PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3664 -ip 3664
1⤵
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exsplorer.lnk

Filesize
196B

MD5
4633633e1edefc103a561eda21648d9b

SHA1
92843fadf0f33e8989425b3f9b7b98890cfe65f7

SHA256
c7b28796da028eb9e1885ff7888fd0c4a738dca62cef592d4f535da23e1a34c9

SHA512
5afdc13db4200e3a45810efc4a4f43a7dcfff7e3b3e483ddc26d5f490389e1ea30495021eb3132390e73d72c1eacacbe9601255defc0c57c226e62e292ffc552

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads