Analysis
-
max time kernel
104s -
max time network
142s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
22-11-2024 03:31
General
-
Target
file (3).exe
-
Size
146KB
-
MD5
f26c45393af03e80a40ea06aafb01c63
-
SHA1
7c7e2f2e97269fce1777e00fd9a02f378cdc2e60
-
SHA256
9ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
-
SHA512
a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
-
SSDEEP
3072:c0f+6XYD/v+IE1ntwfEqZKfW03DKk9eOxdN/7uzNooX2MsNYFfPu:L7C/Wz1ntwfEq4fHwOZ6FXoE
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file (3).exe"C:\Users\Admin\AppData\Local\Temp\file (3).exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c start http://www.tnaflix.com2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.tnaflix.com/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\ProgramData\Media\rdb.bat2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- System Location Discovery: System Language Discovery
- NTFS ADS
-
-
C:\ProgramData\Media\plugin.exe-wait2⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- System policy modification
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
146KB
MD5f26c45393af03e80a40ea06aafb01c63
SHA17c7e2f2e97269fce1777e00fd9a02f378cdc2e60
SHA2569ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
SHA512a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
-
Filesize
97B
MD55303b5018a6cd19200b98d31ab04f25d
SHA18285eb92f131111e40d2dc864d3b386dad6b9129
SHA256464648d492af6bb50cf65ddcbdca3e90d4b224ccc6f4ce3944d439b6c32da524
SHA512654aed00850f6b7e424a5ec5acad086a51fb54f5f944238979f43fa1aac430661250210fe5f38dcd78e46311adc7e6b282cb5c41bebfe5a7d297afd6db6de21b
-
Filesize
13B
MD538de427224a5082a04fe82e2bd4ea9ec
SHA17e4a53de1f83762dd2febd39b818e2258bc83bc1
SHA25612f99f53144294750fe8713d580eda286f4bd95cd9c840db8ab957def8040028
SHA512ec3f3c324eeaad91ab0efd47b3084493d863f969344fa1ba87ace1974908053d396673b44c33b4dceeef792a74ad9278e06acc27c83459af1153de52f83afcbf
-
Filesize
342B
MD5ffc71f4b96618cd27945ad91047a1ea6
SHA17439497aa814c4c0755b3b1d73badcc2e090492a
SHA256907af2cf17bf92110a71c3fd943ec440e0162efc720313f407c2fc1da052379b
SHA5126acf2e2faf6d7e8d2d867411cc5a5928c39e1a4aa5d2b1050127f70a42f4cf2a9b8973b96a55bd277e6b6c7e7ee616c0b615e132e6bf43114eb7d518a7a0ac4b
-
Filesize
342B
MD597e4e4e06b613dded8176302ba39f78c
SHA1f900c63446b79a52ede19a986a7408e1be316e81
SHA2560654fcde7e303352d8eb0352ee53b3c903fc3ad11b7e6862e07c2cf312ef56d9
SHA5124d53fa3d7880b75fbdd286454ae9bf6fa9c841e80db21a6d78773c34391cf2bed1a8f12df06feb4dd893c412bacb21635eaccefc371b2bd22d70d391b97bf821
-
Filesize
342B
MD5b23a285cd73a6d4f987f393a02b8c333
SHA1ea4b54f52e052bf9d55e4ebdf7485f93f61d7895
SHA25628058858591367f57af9997184bf638656602fd8b6805a73e2b7186fa82fd83f
SHA512bef8d85b053d6cc1c3079e1fafbcce018c0118ae9e9703babbbd413108c22b95baf62f22b3bf29f8597ba141d73ecfa8ae591ac9ff9b8718cf87125702ed995f
-
Filesize
342B
MD56aa772c24e9b0f042d1d53334434f562
SHA1302ce6103f38d82834d4cf799ea991601f3749b1
SHA25619ba6b1d4aadcb69d2cfebff0ded8bef38ac1c528fb27846db9d6b1091feae5f
SHA512c9ae0d55b8400498924a1e00d4cc61a0f57deee1f8898444b6b00e33c4f74b392ee5e74d59a681352b1aa8a6b09bd6d6c3fbac6665fbdb114355d5e35fdd73af
-
Filesize
342B
MD559e139c1858d086ebb95b161c693c8a4
SHA1e08cdfa59856a0d54c7db8662e4eb2fabee6f830
SHA256fe75dc2a1da246ee8ad291bf3393499519777c4b3e80ff055b2b008f7495203a
SHA51278b8dd24f93437ab0e62000b6a9d206571a30fb223ef17ab2420763c3c89632449570b5846c6437ad04a5762ddb0a6274f68aa9cb34eb8be7a6490c860a3c7ed
-
Filesize
342B
MD50147a87aa6dd5da50bb0d003d665553f
SHA152025ddc35dae0e1a6f26677112e31b45e01eed8
SHA256222c988f4a836befbc3eb96d5c0d9b5fd5ccc66dd420ba356c4b1bfc1111efc9
SHA512a0d0f2a9a3572b60de4c846bf19891e081f3d9aeccee1b066b5b4af27aa856ecd3c765612d5e8d3f8e4a5c78e640efaa7c5f07275990c7f2a5cf9389ae0c4c57
-
Filesize
342B
MD5dc64a9bb4d1c6cd5f9560a0dfc2b24ae
SHA1dd7db72d82f1919210df0ae5355cc8f0cb79c2f9
SHA256fb3e6ce4f7d07e61185eec0e01d102346a894e9f5cc5262ca00183156ff1ebb2
SHA512235e0ba9dd21f031e681c269d4cb3c7ebc761cca5b5c94648de57baed64e8fe27f8518689be2f9e34de049dc75fa9b346bffc3b3ef2e84cc6112638d32ebdc6e
-
Filesize
342B
MD533dbd708b7f05d4378412097e8ceeb06
SHA1f76234067a2c1ae736be728bcff81ae14f3b9e8a
SHA256269cf0889f6dbb459303944a19cfb2112a1d358a3f7286049869c254d2d6edd7
SHA5125dd2b8178ce5e2218d21f6a52fd278841c104ac11a77c9b9ccc487b150f1829ae266c16094c88c9398341010bad1c4ecd5e155bdb12543cc3fb6f3210fb3d29b
-
Filesize
342B
MD53555853a239589dea5592a121f1d3dc6
SHA1bbc53201243ea7c69da34a8b21d9da678a0a7bdb
SHA25616bff988d6784e3c436d9bf5e4a9a55fd8f3f5a776f76dd2079ac692f869c8a3
SHA512e64251165fe74bbe83c78e595834ed47a58563d457345506f82afeb47de243897f2f0f94f1ffd3d9583ee466870906de60010dcba992d0798e698bd231115874
-
Filesize
342B
MD562436c0d0f1c32f944861539765a96d8
SHA187e6fbb90bb14d8cb84c340246850329ae641610
SHA2562cc7d43c7628debc5afdac50303d56c89fd3f157b52313fe045770737ae5a088
SHA51215ce2ea61b5ec95c6fa93494b6160d66678596b226a73fb52291bd690bc4953128fdbb5ea345986f618b32b2ac35684ff00f8b7c6c7cf0925535baa2452908bd
-
Filesize
342B
MD5f64bbba90385de17de4a04b88f68ab5f
SHA1c3e75b034081ef9d318d1158384c2a0b8bfa54af
SHA256147cf38c14a79703bc40d6cc6201c2bd2a82d1f5fd6dba03b9bd0876cdfee984
SHA512e18ab060c710d66021b82879d882182ec932e9c9f780c0f84bd229150b53d2be4125d5d4063bb7ba723d46537b52547f4dde1beb656632fc4d1a4fa78142c78d
-
Filesize
342B
MD52f54fa30e34ef8afe3e91f48241e22c5
SHA1f3dc5cfe6c34f1e821c1d987f2c0b5cc7cb1f3f4
SHA256bad121eb70a35c5286de408f803c8e9dd11bc4a31e8879618e10b8c8a53acf6d
SHA51286c8504a4bcd0144f063d3c1f6819024d19cdb2d85e93c162abbc703e9dd8f81e7e777b6df5d9cdd18caf387314468242b98c9fb170cbe942fb3628381ba91e1
-
Filesize
342B
MD53f87ad4cb84c283834f7c240f82c5043
SHA104f6ded0d468ebf1ca0f5d7a931e3ea1d54b032b
SHA25641b878ea92d21ab4aad0c1ee21449b7a7ae96bc38786251ba1c23bf555acd4ce
SHA512ccb6716d050a840ad78f6a01df52cd12b89ae957104521c7748fce8dbd42c478c916e487e69ec06a1533079bdc416ae5c12b3df3810b1b5eeff0949284954c72
-
Filesize
342B
MD5dc5c74229e09edbd3473253250ee3a1a
SHA111c031953b9ea412dcd8f17eff868308a76e8860
SHA2567bcc9ff23136a13795060434059446b8e450c6e93c46cb349a3963fb70d68f26
SHA512eb615db6d274164fadcc4861e4734c6f17f0f93ecde85e6d064268c717654dcf4f15c52dc17342ece4280664de8d93a3d862a0f8bc32a270b4135e45c9f3483e
-
Filesize
342B
MD55bff8c9b698b018f7e1e26752d1f30c5
SHA1bdca7a42e61d7bee032ea44bdaa96695f89092a6
SHA2569cec4ee9f8544586a5e44ed7a75348e527185441735819bf51741a890ebdea7e
SHA512747576c4503f6ede17db84440cd0f22efde09453d320c3d7f66d3a5493d389907f0eedfaa2400c6f8bdb74dab4f7782bfe045bf35c0fbc65fb39d02bf0604114
-
Filesize
342B
MD565f70f3e5f9fa188d9a10f39620f5c8d
SHA1212566017bdb5fe68e5d5fd5f152e459e31c5dcd
SHA2569561c0939a61d37227b86124b4f594d1dcb3915aea9ff1b9f1610c75d1fd4c0b
SHA512df08e80c49a8428c49056636d104858fec3711a9f56bc86aef379f0bf31ff570791e74db3d3b2fa38004afed37a2029aae3db06f621f9fca5daccd26808fe722
-
Filesize
342B
MD5cb29808ff509655d8a9628801c9a034a
SHA1771a292fbbca1b60c3eb10cd8d50cc90fa48962e
SHA2561e2604dd00c7ea01c5f5863c816ff5ed589da9853a4a9a44633939ad80495475
SHA5126b4913491ea4c0bf523157b952334c929788d01d653feedce52602669283915042a9852dd7fd24b20b6e22c7be2e0facfc488f1fa793126add47689bc4a9bd1a
-
Filesize
342B
MD5f98e322148bce77a8ee0668fd9d03ac5
SHA13f026eeaa3c298fb631e8170ed284351beab6820
SHA256d0665ea456180660209930950cbab357a7b2180f813b52ea4b363738a9cba550
SHA512ebea51c97f71b728061b49eabf4a13c02957afd9ca13cc8b4f69413099f5aa2cfa8971859b50ffcbb834c294fe4b1995fe738d499a07700a368d638745216d29
-
Filesize
342B
MD53dfb35e5dff261b68f2f42dc51a5e595
SHA1c9193daf4daf708010228e3c2dfe4994a957d7e3
SHA2569f395a888752b5874cfbf0c220e17d514c994942ab4d16a503846dbaed8bfcc3
SHA512475ab842d81cf74ccf5e959102bab275ce15eef841c50371b2a1a17467ec2e5dea3b39dc13438615b183250e772c6e249c3a9c57bfcf6f843a452363d28c32f9
-
Filesize
342B
MD5362882c8c2202b6ba95333bc6347b396
SHA1f85b4bf4728417e7a2366980848f29bfb1cbcd24
SHA256af76702350b3f6594f47ee80d01897c549dc9b3513657f04bb91e63659969e6c
SHA512800eede91a0b45a206f887829202e15747941a602de29e40d55ac28d64c638490d8834b561bec41e70d647b918a6ce67412b1ed3625bf4a3b62a390f20363581
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
1024KB
-
Filesize
20KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB