26baa4252ae3a62bb4eb2fa35c777637bdc15cc660b40ddc99eac73edc811956

Analysis

max time kernel
142s
max time network
132s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 09:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

403518179/flashget1.exe
Size

49KB
MD5

6c09ec31b87e8c4c37a571de86cefebb
SHA1

12dbce9f388162a27de2bc757863eac1cc3f3d6b
SHA256

92449ef542dd41fc40c8c9de928588f590694f16e271a18a17d2c5d7c70faed9
SHA512

1a793f975db781544976ee4c236c49a82138824da48e57957b163697e20fab5ba8d1fc79864864451a02a9dc3e4439ca499ff01d603e6fe13bfe7a2938e1d543
SSDEEP

1536:0kh1tUlXu37pA828Nz9uNizpDuD4x/AYxJ:rh1alXu3DF9lzpn/Am

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

MiniServer.exe

pid process

1728 MiniServer.exe
Drops file in System32 directory 1 IoCs

Processes:

MiniServer.exe

description ioc process

File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat MiniServer.exe
Drops file in Windows directory 2 IoCs

Processes:

flashget1.exe

description ioc process

File opened for modification C:\Windows\MiniServer.exe flashget1.exe
File created C:\Windows\MiniServer.exe flashget1.exe

pid	process
1728	MiniServer.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	MiniServer.exe

description	ioc	process
File opened for modification	C:\Windows\MiniServer.exe	flashget1.exe
File created	C:\Windows\MiniServer.exe	flashget1.exe

Modifies data under HKEY_USERS 30 IoCs

Processes:

MiniServer.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\WpadDecisionReason = "1"	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MiniServer.exe = "MiniServer.exe"	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "0"	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\WpadDecision = "0"	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\WpadDecisionTime = 80ce736c97cbda01	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49\WpadDecisionTime = a0d5c19c97cbda01	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "1"	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49\WpadDecision = "0"	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\82-18-08-dd-ed-49	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49\WpadDetectedUrl	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\WpadDecisionTime = a0d5c19c97cbda01	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = "0"	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings = 4600000002000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{8B143C40-E03D-411D-A9CA-EB08DC283387}\WpadNetworkName = "Network 3"	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49	MiniServer.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49\WpadDecisionReason = "1"	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\SoftWare\Microsoft\Windows\CurrentVersion\Run	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000004000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f002e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	MiniServer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	MiniServer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings = 4600000003000000090000000000000000000000000000000400000000000000000000000000000000000000000000000000000001000000020000000a7f002e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	MiniServer.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\82-18-08-dd-ed-49\WpadDecisionTime = 80ce736c97cbda01	MiniServer.exe

C:\Users\Admin\AppData\Local\Temp\403518179\flashget1.exe
"C:\Users\Admin\AppData\Local\Temp\403518179\flashget1.exe"
1⤵
- Drops file in Windows directory
PID:2064

C:\Windows\MiniServer.exe
C:\Windows\MiniServer.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\MiniServer.exe
Filesize
49KB

MD5
6c09ec31b87e8c4c37a571de86cefebb

SHA1
12dbce9f388162a27de2bc757863eac1cc3f3d6b

SHA256
92449ef542dd41fc40c8c9de928588f590694f16e271a18a17d2c5d7c70faed9

SHA512
1a793f975db781544976ee4c236c49a82138824da48e57957b163697e20fab5ba8d1fc79864864451a02a9dc3e4439ca499ff01d603e6fe13bfe7a2938e1d543

Download Submit
memory/1728-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-7-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-10-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-13-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1728-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2064-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download