Analysis
-
max time kernel: 122s
max time network: 142s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
submitted: 31/10/2024, 10:16
Static task: static1
Behavioral task: behavioral1
Sample: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Resource: win7-20241023-en

General
-
Target: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Size: 4.2MB
MD5: 73ff6b22a9611c18bfb03fa96fb2e3f6
SHA1: 1d90924c4416151abbaddd8969ca20af45e5d4d7
SHA256: 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04
SHA512: b292425ff13a6878c9ccdf025447515775796891d76b55ea748a33d6ca113bbc4bbe3d62e427f65641d021abf554178b10db0c6f79936db772046beeb90094d0
SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c
Malware Config
Signatures
-
Checks whether UAC is enabled 1 IoCs
Reads the EnableLUA policy value to learn whether UAC will prompt before the process can elevate.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Note that the IE content process trips the same signature; reading NLS\Language is routine for any localized application, so only the hit from the sample process itself carries weight.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
ProcessorNameString together with BIOS SystemManufacturer/SystemProductName are the values a VM or sandbox fingerprint compares against hypervisor vendor strings; legitimate installers read them too (for telemetry and compatibility checks), so treat these reads as context rather than a verdict.
-
Modifies Internet Explorer settings
All keys below are relative to \REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\
description | ioc | Process
Set value (data) | TabbedBrowsing\NewTabPage\MFV = [data omitted] | iexplore.exe
Key created | InternetRegistry | iexplore.exe
Key created | TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a907cc1344750743988d8bab481dbfbf000000000200000000001066000000010000200000002b34ca5022f3ea4357afe5868ff380c157d90d01aef221f9841e3388c4a7f48e000000000e8000000002000020000000927c13173b3a262e618761d62c15fa4f7b5c97b06764e11e22560d88e461410f200000005c7cf1d9bd90bba982fdf1919fe190eaa284b05c055a9aabda518d3541307aaf400000007ce0f87472ef8e6c82ce6d0bda8817366293d99fce9e50a13615ad747a384c84a8abc5b5fad92d4cbce6bd316e89c6255469d8538e02fee0641797e99cd921b8 | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | TabbedBrowsing | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Key created | Main | IEXPLORE.EXE
Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Set value (int) | Recovery\AdminActive\{4A739C61-9771-11EF-B1C8-5275C3CFE04E} = "0" | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | SearchScopes | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "436531699" | iexplore.exe
Key created | GPU | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Key created | Zoom | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | Main | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | Toolbar | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = 406ee1207e2bdb01 | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | PageSetup | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | Recovery\PendingRecovery | iexplore.exe
Every row here is written by the browser processes the sample launched, not by the sample itself, and the keys are IE's normal first-run state. The DecayDateQueue value starts with the DPAPI blob header (version 1, provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb), i.e. IE's own protected new-tab-page bookkeeping.
-
Modifies system certificate store
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [data omitted] | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = [data omitted] | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 1900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c543604000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Triage caveat: the DER certificate inside the last Blob (property 0x20, 947 bytes) is the DigiCert Global Root CA; its subject CN is readable in the hex and the key name is that certificate's SHA-1 thumbprint. That is a root Microsoft distributes through automatic root update, and crypt32 performs exactly this AuthRoot write in-process when it builds a chain for a TLS or Authenticode check (the CryptnetUrlCache files under Downloads are the same mechanism). On its own this signature is therefore not evidence of a rogue root; a self-signed or unrecognised CN written under AuthRoot or ROOT would be.
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
pid | Process
1644 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe (8 events)
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description | pid | Process
Token: SeDebugPrivilege | 1644 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
Token: SeShutdownPrivilege | 1644 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2472 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2472 | iexplore.exe (2 events)
3060 | IEXPLORE.EXE (4 events)
-
Suspicious use of WriteProcessMemory 8 IoCs
description | pid | Process | procid_target
PID 1644 wrote to memory of 2472 | 1644 | 8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe | 31 (4 events)
PID 2472 wrote to memory of 3060 | 2472 | iexplore.exe | 32 (4 events)
Processes
-
C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe"
  PID: 1644
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Program Files\Internet Explorer\iexplore.exe (child of PID 1644)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/GE/DSP-N360-ESD-22.24.7.8-GE.exe
    PID: 2472
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
      C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2472)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
      PID: 3060
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize 2KB
MD5 bbe8e2f10e87919a4d83aa2cb3de700d
SHA1 85ccacfd611638113134a04e7fc42e65f05a6658
SHA256 69e94a8671d503dfde5c57e0992f4d26f25b4d96e04b3405c15b740110e0c17d
SHA512 bbabc19be58dc5038ffcce5f612d45426e00c68bae3bbbfbfa2a9d68ed0af20a01ef94fcb914cddcdb306caa2652d77115a8ec3b2f32a39a46b4fba2d0d64a2f
-
Filesize 3KB
MD5 b2442d9b4d22c778ebef7778b6d5d7ea
SHA1 f8282d24d329f4eeda93f16ec2445eeb9d2b1f4a
SHA256 69359c62ac9c6e01af85c96e35b727c863ef035cbb0cefe31111d02171e8f4d5
SHA512 5f8735f52add83d50ab0ccda8430d4462c287352a8476967bec43ddbb1c587d5d22f4c12cfbeb02229465e6d0826838dbd68ace12c8e5b9a46e8ae70ffaefd41
-
Filesize 4KB
MD5 f4a7b56ac390c1618a7db3c87e975a06
SHA1 eb209063cfed78c55f464b4d44ee4b30f507fb66
SHA256 9281527c89362c9e67050f9f19a1576a1d69a239d8e329d0555a21b367a0d0c9
SHA512 ac0adfdc53688df3d81221858debf770e38ad86c9e4f1617f2e07d53d823e01258dd4f64f556ea0c83bd4acd655443f78966d76f5265368fc236c46fff34a86e
-
Filesize 157B
MD5 7d5962a2be824da6ee96b1affbf8e5b2
SHA1 98323d861995356a5fea5ba94f663963c6a7ec1e
SHA256 8e896cbdd9b377f0b5db5f9a4f4a30e2f6cabcacdbf8beb6762c9f8cf07190bc
SHA512 86a508bb794bcf7f2fd53ae0e5b902547bbbc8befd036ca9ede95216e1efb0e9f72951db027cd79faff98c012de90f369b276a380525b2982005d5fec68ecd37
-
The twenty entries below share one path: it is a crypt32 CryptnetUrlCache metadata file, rewritten each time the automatic root/CTL update check ran during the analysis, which is why the same name appears with twenty different hashes. They belong to the same mechanism as the AuthRoot write under Signatures.
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99a84c7772252d1a8abf937ed96cee83
SHA1 a8666504f84aff4a22f229512300537fab1c03ea
SHA256 23c1ea925e08f3c95051e9b42e3a89bdde0943bf484029ba6cfc9a4bdd04a546
SHA512 722db79c34d8566734e4cdfbb6941dc184c9177ae64ede5530114b26549fc5d45369479d3aa281490fa470cac59e6fbfcd528d39a4a575e0136dce63790c61cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 844ef258fa5273eea1a1c71a472b0e59
SHA1 596ecd66d63300487fa1d94b8418f1cec0d0c667
SHA256 1a3cea90c9cb56eb5c5b26a2238cc842c209f4a0f8b45300fc529763e3fc3951
SHA512 ec4587247dc91721c2b10dcc9a01b481e36203ee06aebeb397d9f0e795153a3c5ac446e679eb1e6dc378eef483e55eb5a30b3f467c935153f0d35a14b727d116
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 513c9f0653d3236301326ce9797fd9fc
SHA1 6d8e3b3908ff5811623284c5c7a5dd2c4a3e6981
SHA256 c892c7c1ae6aa023e8793e5d1338789d3ce6bbb4794f695c20fe7d5764849cc1
SHA512 f26d5a6d0140a715069df6ab3c873594d9bb97adcd36ff6296d62e205762215d3c207d382d16dd888fcdc9d36f0f33555c69bfdc3a1ec5f6a9477e467d5877f0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 181ab9f0b7d50084cf70da8129af70a2
SHA1 7d62c516111e4231d5d940f80000de081b52cd35
SHA256 d56f2fee13261d9d11b24e7b3b58949ba1a2bccc32b2409f7708ac3f586663c3
SHA512 a4726282ef74013bb8966ed3eb35bbbcd0e6f68dcd299642eb2049e1bb4528f8703d22808d7125e085a9732c2673f90d930146f72738f7de7162466f9cef5f15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 35d86ba1c05f0c20e4c42ac0547b34f0
SHA1 127e38bd1f02ac94f032f683ad49b6823288c776
SHA256 c5cb7240dbe2a377afb1d9d5e88d58b594bdcd0ac2cb89712fed95dcd9c641c6
SHA512 9a741f4b632b34eedbb52751ad410977bccba95406976b2a77ef00b060ba95a13bc0e8459da8b3548635de859038d2081d8364059945d1bba445c21fc31ad6c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 71cbd58cc8e9d1002eca5235fb070fd9
SHA1 808720c3a715a23cd26a89a48d51aeec47307d4a
SHA256 0e048b8beb66be436e5032123b95f37e81ce2fcdadc392c0f74a09e0f21c9820
SHA512 1b6c5e170a7af9cc5b13fa33fce596fbffc9d87bb7225e3f6b67a689aa7c05650dd22d363985cc3e04969f40dad618f40282deb5c266b9d13aa543a6407f5c91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 832b7e20e07f2b9832090e526eecc90f
SHA1 1af7eb0642c9b07529f4b5f0b0789be4eba9ebbc
SHA256 8795e0d85150902b7055b94cf5b67b3596c3f6cde10cd05545aa52d87e6b7d5d
SHA512 73b96a4c9df3b6e30a3316ac77772c0ba85630b4a187cc1d00ac6c938d662b97a9e76e22adfc375c5ae6ccaf60f345c855714bca917e06756b17bbe60cb846bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0cd3b0763f964b98b2497e0422e2098c
SHA1 dd157199208cd9657c6f7c2e9a30b3646e714638
SHA256 133f5b0a7d8464c45975ba4a8d0f378be98d4f0bf8dbf97408f43560da638213
SHA512 20316d49a413e2c255392e77a5d847286c4580a55e0e930022ad50ec86c910e8c94de5ba2c5d0a63f56c73452e9b18ff7f8eebc12757c909da89cb70a7cdf2b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 87373f7ed4ba32ef6e4dde7f9d122880
SHA1 4abb8b664d97bb0d7310126fda2d758a9c940791
SHA256 3b51b5a1dbe39a6536eb622ce8789fd9c24d5627e033e879549e956bee3f2d8a
SHA512 98e6824451b9ce21e60f9b974eb090f732b6e8e3a00d4efbf925169aeb3654471df3f7a09f4954306ad196d5b6522363298de83acd66234fe9f1e02f4afde0a7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b401f490c28cb31c97fbbbee47f4daa0
SHA1 c6d1e6ecedd8021c6b6646baea83ef604af52d8c
SHA256 0fbf8ec1fbe905dcfb15c09a1ae88b7de487a7bf8176880af584da41e64167fb
SHA512 3ccebc2c706fde3f7573b40a6663e3cc1447034c9db50e2ad6222b3551ef16a7840b99217ffbf64eff0e30cb2a0892ec65446e4ef585740b6425cbaf79678d5d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 daca3b200fb9e054e1203978934e2096
SHA1 b3c52867c8c47a38708999db109046f277789dc3
SHA256 5e87395aed60c0b425ba188fa71c371ca214c8b2c798e15facc997415c3d2365
SHA512 ade659df4530729d44889c8679fe18621e735cf90ce10df969d4900245bbcb2cb6dd5ce255b7332b57dceb9a424e905479e71a7b7b61f0003e6a1097ca012904
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a5384947e84fb5e9779beb0858cecc99
SHA1 41e132c5679c6cc57d17572f99a9447dcc75c447
SHA256 ed901a6a5cfe312b01ab672378513e0cc5f4a07b2c8dc3444bccda716a09d624
SHA512 b2085a392e1042ddb8e6999dc815a9e656c7bc4c0f83fbee70bc6be1815d8e918646817d72c31781fd5c49e3f018cc73f306f2c2e41af081ba9f9ae2226f62dd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4a4ee15e8ea8d67b9b88d43f6b998e15
SHA1 f8f038d4fe3244d84edfe2bac4f71e2a86c034bd
SHA256 009a311996fce2d03b8dafbc2ff09fd8061b5d5f5195e3b70e6ae81670c5ef62
SHA512 2c6e89585cfd7902b86a273ebed780ec861b4580538acbbc0f101099adde149345d9f0f6c55bd8e5ba179075d81fa9dbac27281267ad4240d593be08ee8964c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 be50d1614636774e1fe6f6e6dc1661f6
SHA1 3635ba97d4a7986d3ce3537e12ccc26c27c35940
SHA256 0920d7e9d5dcb41ab4a5467010176eb0a985f50d3104db63586cfa7b8be3be88
SHA512 6e8ef133fd7ae0fc7cfa37bba5646d1a27ff8001c38a28939e58e685078a196d2c14fbf006febd210199d8be8824a2a21b72cacb0d659e9cc4b5fba5892c2e85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d43998bafcee733aaba0aea1d85fadea
SHA1 b65db0cbe38e46d97a8ddc122b3894a44775a39a
SHA256 8bba496dd54b57dfb3ffd633ec92801b6234e3510afe3096ef443ec0b1b5baac
SHA512 bdffc3c9ab1abd08e2ed0827d25ac83cb4d77f7b6c562fcb92d02c47ec53604ca1b57f4248ca82b2b326dd87eff75866299e739088289ded9bc93a2fa5ccc849
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4642b68932f95c17f61e1af3e83a9401
SHA1 9507859ae4876445aac5095a29e70fab42d0b7a8
SHA256 467f6ac9a3544196a82bcbc4a565f672de6ff822009a80b16b426640355c3500
SHA512 9f2d00a76a8e8578c9957b646447411bdfb3e098530e924e8bd16f00f2c61d1da18035d1e2f2d810d977ee8e90f5a5c859d8f8fe8289ff05bb6811a086dad00e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4756d01e488de19926d168ac3c7011f2
SHA1 512e2ef33f6fcea39671ed37d3f990c43f0e4aa4
SHA256 2454ea1a25793a6f8630588bfdf2d379fa66d23fba1a9b98debd3810818671dc
SHA512 e7a01ed0dbc90079b6445be0c97c53484f37e60d5a8bdc704f9553c3c430d65a031f1b7e6cf9615f9aa1541c9680ba8c2a77022292c4c029931ec7d68b8d875a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 491f111e9269990cbe57a1f60d5fee9e
SHA1 191f6b2b66bef106dbe63e6e8c3c5398961745a4
SHA256 7be437fcc314e0c4ab4b503e329f81829bc5a0f17354f985abdfcb4a276fe06b
SHA512 fe4e58aeb81928e7ef383571f82bcfb15780d88b094dce06a82abfc01f5ec95f757b0e72b097847dcd35b18bd454d968ed72f3c0f51d01d08b2b017e81840e7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 152f0a6b25fb8536bc1c79bd3c9c5b66
SHA1 a575d1d60202199cee9b047fe8b5108e8b560178
SHA256 d13e05632a3a330424ac70f54ac04bdf3843c6cc1d6b9bf2f652d914d0711e1b
SHA512 5730905b04973d1ad8e67f2f7c8dac749cedc0556cc12423d06d60fbc36874188ab965b5b159b01651d07442e8ec1ded839b00ef4347e6cfbe6119d83f3313b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ec044fdc685ed3fd6c5ad0b16b0061b5
SHA1 1fb0d2244f6385b2ffca5a9588f0dc35362ea324
SHA256 57aa89de2a50e97057f2dcbd18de471a14b94768ae071cb227543437c9137296
SHA512 35d42ff09d0a4c80355043f3eae1a14ebb5e5cc7eaa369e1d597579b030bb0774e5cd21b00d0646b8d80c7c97e6a187628692438f177c175c9d375a54d9f7f14
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b