Analysis
-
max time kernel
39s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
22-11-2024 03:43
General
-
Target
file (3).exe
-
Size
146KB
-
MD5
f26c45393af03e80a40ea06aafb01c63
-
SHA1
7c7e2f2e97269fce1777e00fd9a02f378cdc2e60
-
SHA256
9ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
-
SHA512
a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
-
SSDEEP
3072:c0f+6XYD/v+IE1ntwfEqZKfW03DKk9eOxdN/7uzNooX2MsNYFfPu:L7C/Wz1ntwfEq4fHwOZ6FXoE
Malware Config
Signatures
-
UAC bypass 3 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 32 IoCs
-
NTFS ADS 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 20 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file (3).exe"C:\Users\Admin\AppData\Local\Temp\file (3).exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe/c start http://www.tnaflix.com2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.tnaflix.com/3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\ProgramData\Media\rdb.bat2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- System Location Discovery: System Language Discovery
- NTFS ADS
-
-
C:\ProgramData\Media\plugin.exe-wait2⤵
- UAC bypass
- Executes dropped EXE
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- System policy modification
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
4Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
146KB
MD5f26c45393af03e80a40ea06aafb01c63
SHA17c7e2f2e97269fce1777e00fd9a02f378cdc2e60
SHA2569ce3b4f8b78146df14692b934919b6449227ec79e0e51e446d9f07aabad3415e
SHA512a445023be352a5055e4e681cb075bad0a3b401c21b30a2aad83c898421b8afd76937bd92326e22119556b390fb1bfb78afd649b98a552e643ee640ad1d62d755
-
Filesize
13B
MD538de427224a5082a04fe82e2bd4ea9ec
SHA17e4a53de1f83762dd2febd39b818e2258bc83bc1
SHA25612f99f53144294750fe8713d580eda286f4bd95cd9c840db8ab957def8040028
SHA512ec3f3c324eeaad91ab0efd47b3084493d863f969344fa1ba87ace1974908053d396673b44c33b4dceeef792a74ad9278e06acc27c83459af1153de52f83afcbf
-
Filesize
97B
MD55303b5018a6cd19200b98d31ab04f25d
SHA18285eb92f131111e40d2dc864d3b386dad6b9129
SHA256464648d492af6bb50cf65ddcbdca3e90d4b224ccc6f4ce3944d439b6c32da524
SHA512654aed00850f6b7e424a5ec5acad086a51fb54f5f944238979f43fa1aac430661250210fe5f38dcd78e46311adc7e6b282cb5c41bebfe5a7d297afd6db6de21b
-
Filesize
342B
MD5231bdcfed72d9753cd8b4fd1a9e16a35
SHA13aa9ab6f9ede59d7fb23d2c7e904d95154cdfba2
SHA256d290ab20eaee871e17b8f95febe3a383b27cbc739ae7545b803399cadd0c9dc1
SHA512ee8a8b6430b6a9dad0134ad4664b51ceec1a13f7edfb4f0019fd7ed6c56c5db640614c8c733b5a17fac286b9041497f482989549b6286f71ec226b2335729cb6
-
Filesize
342B
MD59e0d9a1dc6b5829cfeb065552b7c4f85
SHA10bb483b7f871027d4ce00e30f8c31bf41ae324a2
SHA25678d099dae1a7844f86bd4564b1dfb98530b9d0846189996ce9571a92f7d7fdaa
SHA512d4bbd7e5d30fced8d060e3bacd71b50a1d246965c6b78081d485de48265e68c6391b89e6dc77c7fc0434fb9b8ac4853e8b6b54bee341516b33b57876d48a4960
-
Filesize
342B
MD5781980e1145e8bb729c4ce0cf261be8e
SHA1ec3802952fa6f07513617200362e9a4e748e8452
SHA2569e7eb85846110e7d96b618af239225360eaafc86f7f088fa3c349ee6e160fb19
SHA5128b88f5bfccfbc86623cbeb67ca9ab1f1f6da5063c9f6d20e62afe6b279c3fd65d7f4a06dd0c467e6a4109bb6251299677b9d8b5238abeb908b380e8c732516af
-
Filesize
342B
MD54391d98346590f6336e55924f400f67f
SHA1978eefc88934c61c07b6b1205f88a58da7b82f32
SHA256e571146a968f04803550cafbfa663963362e9db160a5d5dd589cada8e66dded0
SHA5124ccf0b0d12b1c24ef57b9679d7158b91d35c13304ac7e77eb6014926f7eaf6d2e1cea6c66df0b5de6750d91e1ee38d1de03835b99e7bb2a6d4acf4eebda272f5
-
Filesize
342B
MD58b1a85861d65c45cc0d45a442eff4a4d
SHA1bd4df4794af8bcdf6b25e71023520924b6eded1b
SHA256bc7410e5ad9aca4772917ac7a6db4861e1a3912042e7a0436264e9905eeb7511
SHA512ed707d165866d006d928c2f126570bc92b19b0ab8b86a026e3dfe457d4713ba0a1718751ab9f4ad4e6d45b087a5431d786326e6972a02bfc8a62393a8c7d34a3
-
Filesize
342B
MD56129ab49ff7fdb2a7c05a67c91b705e5
SHA16011dc9baf8879f74ac4e5fd30f82e5571902eef
SHA2569ad5ee23e2d7780dbb8a1d706dd6eac40fddf05df66d36436f0f2751a3b471eb
SHA512d15323734a9e8d2117c97ec96932b56ef462c4cfc0eca233127d222935d83e093a8423ab13b376c7796c9d0d5d6223e6239388fcd0f75dcc63628f38277a2777
-
Filesize
342B
MD5b08b37720c703904268b2349579714e5
SHA1e79ec3c2ab195819b17ff90bf248de6fab8688e8
SHA256a43d965e1332893b09cb8e9ab6f13a7615a5981922b23d652adb13b6becff9a5
SHA512f9a1b78825d0b8c95b349f5f09d68a49b6a2cd305fbb48a122c2c8e2f3fca152995040b5149ff795cf02fdda6345c6927809e200275b31fb64cb3c50d0aa45fc
-
Filesize
342B
MD5982b4c6ed2af235683950bd11b296f39
SHA12974530c0d2489a020ad2ddd4b52363d8896deca
SHA256d5695e6a25af66ba9eca5fb09b6c052f8d80d3717f037d98fc3148cad3b72b7c
SHA512276d61319b26f0ffcaa3c55de7dc7b0c160d28c86af9c20fd5f5e063e176a6c6444331ee782ee68bbb53e41e5bafeed73e484510746e29990ac8b436dea7b101
-
Filesize
342B
MD5dcb456652c4135a50638ebe80336e434
SHA1e35a37eb573699523d717dfc0ddf6de207fad363
SHA2568efcef1f64fe78a2fb0c2c33df7398f578a34e4f16bc78b902f521a8e8d36b25
SHA512c31e9c16ab650f4e10e20b9a1c6e07b153b5b2f897a68626e822fda13807e0a9772dc9b1d3fe0caa3feecff0b0991ea44f9709625d42be2d3922f639d6058586
-
Filesize
342B
MD59c40aa54b3432bcd0e9ee3e5f020d358
SHA1d42c02b64b982d172c643e5f4630676ee844a653
SHA256cce074ffa1084f7a25c8dfa5ee3548d7ec86e33b90c86b0ea9d6f826780c575c
SHA51292436cad4153d79c50bf10bb18c5a4a395caa4e69a109fba367b56f55d98d0560b7acb0ed4bb316b6baaeb2448d624143aac66a120ba5c481140f73d584d6e30
-
Filesize
342B
MD590e78ce99ab698b37ed2b84e9a91fe8e
SHA10f3c62bf4725a66f4f2f13a68e46ac38187dbc74
SHA256038327cd17e4c342cb133b3ebb119ea37d6cee9353547dcf4db9ed9a2419efb8
SHA512fefce98a64ba6ef2de317d6a7ff5f8688e5705e06edfd8162520483f447aabfddf55dd86de7dd9ee179bf652bdb5bd4de69211641828dffccdbbc2c6c9219125
-
Filesize
342B
MD545063b191b67c8df37a192075f9190cd
SHA165589ae71e2d5d09240aea127424fc56a439f627
SHA2561d37648f81e61cb588604a32791d5d9fbebabb7c89b52484898159ff0ad5ac0b
SHA512af7d7c3e27293a38827a49b647249fdb4e027f00c956c3500f0b41a835766f3cd7fc306dd1254b597b10630a4126c02679532b997e1be3ff7fb21bdc8600b9e4
-
Filesize
342B
MD56576b22de16eecfc9faba98d44710d0f
SHA13744883fd5872916f3e4fe75981b584b18c0f93c
SHA256d5465dd878ed1403cf278e91cada46e83ad906ef258f555fe9dc5cde66ff3ad5
SHA512f8fb20c1d454caf202e84a0041a249a6d2494b4983f7fa673d931ef6715f25dbb5609abb1c1845276b25f1a4be13918a4d7dc3ef86258251afdbb3e3b9ea9f82
-
Filesize
342B
MD576f9183d3083d6f055e1eb7b90eba65e
SHA166074743bb176717e594994c6cef690a7a35d2d6
SHA25618879907d9700ad60e8f2045fa19bf383a4540c6d6275af960b2d8d5b0174425
SHA5128e4ecbe2aee8feb177a6e76ea310573e6e4c97533a5e0e4b6137a1d8cf29cb05c52e67f1dae13c91e5812217320e559891c543ff25ba145de9a346e0394178c4
-
Filesize
342B
MD5ecee61443def2cb4c4045b46de12dbdf
SHA1b257ea8955435b458b63324d3897cabee2b3b4ac
SHA25672e6941bcc9c9575fd041a101b88a3deb5bff5ee22ffe4e67145d08f893c654d
SHA5129b42bd37eaed10ed1a56618d8f7045797acd40836a31306190bed6e8e2c142fa08d5985bda6f720591908a4d6df3140714937ac2eaad3ebbbc49371fd9587872
-
Filesize
342B
MD583c63d7a7d7069a3e6f5cf5b28f4d6c7
SHA16b6cbe7fa175b6c4e0f3ad895ae9513e70250b42
SHA2563691fb3c91d82f2747ff95d01844f0847bdf42bcb93d98c3c9168b2a90c1e75f
SHA512dfd3c7f329b18283cd92acfeb9885eee6d3b1c1dda2b8ee587096253e6f5a6eecddca0d55903b1c4fa05e3c2cc611ba2ecf8fbe039192a8a445201cdf6843c69
-
Filesize
342B
MD5ed460eb1b89a0d2474845523e6577cde
SHA18e4af4e9655616b0e4cf1e841eb67b87b43fad87
SHA2565f4e5119594fd997aec9203ebcb2207b87815a9b0a763fed0a3b36a5637667e8
SHA51281ae0f127ecf444a7b80571527d55462cceefa5fdb0274ef3375f58948a3c8960163d7de28e9fb337cce0c87315dd6804d55333af101224134bee47f462b74c0
-
Filesize
342B
MD5a6003d84d20feda39cbd637a555348ec
SHA15dffb1614bb2cdf50f48d490359529821a285509
SHA25638a062a5858faff3a3e62ae1328a5db14958a8ba4256378ee5816882b20390d1
SHA51220ed3236286f22475d0dcf21fd0b166450e081eeadfe64b01b13f5350c33ecf8972be3d5e8c61d3b01487eb4e17e6997147ae348f10cf2c59b68f59b5192ee1c
-
Filesize
342B
MD5fbe2de92ac7c6c35cd3821e4583ead3e
SHA14fa3b4261d2a5c462d9b01feedcdcbdc779c07ef
SHA2564a9d0cd45d441bdd12b94a88d53b185ebbd4e3219c884fe83e497fcee922e922
SHA51259f80272c2b892317aa1d7fdf254858e197476ce8c1d12b70caa46547e06e5e7d1189d071f87debee20f0a5bfd19b46d837a213d2c395a5d8214fc0b7eeea7dc
-
Filesize
342B
MD5652ba2fc9637732191d45f586bb21cc1
SHA1b4c7c1a109f9e36edbda9e893424966084b2ea08
SHA2565f961f0877a838db0f1ab80f6907a530552fb8d3c8cb3bdab06785f705bd3d03
SHA512e7044fbac8a81d01c5033c27225f42061ee41bec88e81fd1d66f323e755aeab498528b25bfbfc151869251a81aa58cd433190f74df75970807bbc30d3ec0737d
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
20KB
-
Filesize
20KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB