74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be

Analysis

max time kernel
48s
max time network
195s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
Size

925KB
MD5

1ce959f7f1016fd8c9e94a73bce7767a
SHA1

0e3c133943b6cf5a3d2fcb6b33e6fed3f0fa5589
SHA256

74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be
SHA512

0136273fbe8d99dc96ff03e00d8b5ea5d18d3d3b6a9d70df6add6b432ae408230b10e2d3097c123d1b47a944c95bc33268bd242b25d4925a345be947db4e1b07
SSDEEP

12288:Qmf8PzkvaBHmLV8P22zx+kdJ00Bvuyymhcx1UG6HyNrSjqOuPn6mc2RREYJaR:LSkv/VCWkdJ0OpGmyNtjPn68REYs

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/576-55-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-57-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-58-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-61-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-63-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-64-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-65-0x0000000000400000-0x00000000004E9000-memory.dmp	upx
behavioral1/memory/576-66-0x0000000000400000-0x00000000004E9000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1600 set thread context of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
576	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
576	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
576	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
576	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
576	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27
PID 1600 wrote to memory of 576	1600	74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe	27

C:\Users\Admin\AppData\Local\Temp\74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
"C:\Users\Admin\AppData\Local\Temp\74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe
  "C:\Users\Admin\AppData\Local\Temp\74de8cb61d5c28365b238106d31cdd2f3b1bcd9184ad313e1f6698f4503e16be.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:576

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-54-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-55-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-57-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-58-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-61-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-62-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/576-63-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-64-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-65-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download
memory/576-66-0x0000000000400000-0x00000000004E9000-memory.dmp

Filesize
932KB

Download