ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250

General

Target

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
Size

2.4MB
MD5

fc95803da7089276c8ab97c22072788b
SHA1

ebcee918e28101e78cacf948e748abf4baf11776
SHA256

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250
SHA512

5a3d25cf2428844a33fff0f45711e9e913a6c3b4190f4f81a2c91567adeeccabac56161d34c87c0de6c2bf20cf4505a6f87168c3f9161816fa17df4ae105fd2b
SSDEEP

49152:DUpkeyCxla9iSYn54fD9Wp3nZMEWifBA2A+Yw25+56YesR1lLaRWjzrvE9VDU9Eq:PyZMkA2A+Xk+535JHYmYI

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1072-55-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-57-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-58-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-59-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-62-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-64-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-66-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-68-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-70-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-72-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-74-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-76-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-78-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-80-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-82-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-84-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-86-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-88-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-90-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-92-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-96-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-100-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-98-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-94-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-102-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1072-104-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

pid	process
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

Suspicious use of SendNotifyMessage 2 IoCs

Processes:

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

pid	process
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

pid	process
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
1072	ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe

C:\Users\Admin\AppData\Local\Temp\ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe
"C:\Users\Admin\AppData\Local\Temp\ff44dc01303a3e482241e0af84ad48f540b6442d2e16e8bc3fb45b0571bb7250.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1072

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1072-54-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1072-55-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-57-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-58-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-59-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-60-0x0000000000400000-0x00000000006C1000-memory.dmp

Filesize
2.8MB

Download
memory/1072-62-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-64-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-66-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-68-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-70-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-72-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-74-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-76-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-78-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-80-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-82-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-84-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-86-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-88-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-90-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-92-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-96-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-100-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-98-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-94-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-102-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-103-0x0000000000892000-0x00000000008B5000-memory.dmp

Filesize
140KB

Download
memory/1072-104-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1072-105-0x0000000000400000-0x00000000006C1000-memory.dmp

Filesize
2.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads