0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42

Analysis

max time kernel
47s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18/10/2022, 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe
Size

481KB
MD5

9a5d545c663b624486014f6fa2a9191d
SHA1

4405421b37a9911352d319f7e0991ffa285c6753
SHA256

0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42
SHA512

95122c09507131227c73779b7200df622ff8018455890df2ae2d3dcce08bad27445783ae5363fb4fdb1b3f1fe2f904044cd22a9a87e28e27ed53cd665f2fdc68
SSDEEP

12288:+a28vBMNfTVB++EofQFpKGzNB8bmlF2PAgWhe83/MrbK6iOE64kk:+a2xfTrEofmpzBSmlF2PAPwwM0OE64kk

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/860-64-0x0000000000400000-0x0000000000424000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
860	0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe
860	0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe

C:\Users\Admin\AppData\Local\Temp\0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe
"C:\Users\Admin\AppData\Local\Temp\0f563430d6070cba3bc9bbc2a2e75c09f7f0ca5d76fcff3741208accb7e6fb42.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:860

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/860-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/860-64-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download
memory/860-65-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download
memory/860-66-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download
memory/860-67-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download
memory/860-68-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download
memory/860-69-0x00000000001D0000-0x00000000001F4000-memory.dmp

Filesize
144KB

Download