510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac

General

Target

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
Size

688KB
MD5

42d085dff1bf12f8ab7f57fafdf9dc15
SHA1

62103dbeacf57605baf13802d1eb2a18d7a3656c
SHA256

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac
SHA512

a73bbae819123ed1fdafc75c4ee6be4df82aa042ac564c9e89efe90f4c3c94c3964628d70a5fca41093101e946b23e58eed8244024e29cc656c06e5c537efccf
SSDEEP

12288:WnvpS1w3sPVESMn/QLPNPjQ6XlsZwOcmxwaxIxVdWYRJJJkXu19TDbJ:WnvUq3sdW/qjQ6X5OlwaxInddLkunPb

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1172-55-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1172-59-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1172-58-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1172-62-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1172-63-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1172-64-0x0000000001CA0000-0x0000000001DE6000-memory.dmp	upx
behavioral1/memory/1704-67-0x0000000001DB0000-0x0000000001EF6000-memory.dmp	upx
behavioral1/memory/1704-70-0x0000000001DB0000-0x0000000001EF6000-memory.dmp	upx
behavioral1/memory/1704-71-0x0000000001DB0000-0x0000000001EF6000-memory.dmp	upx
behavioral1/memory/1704-72-0x0000000001DB0000-0x0000000001EF6000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

pid	process
1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

description pid process

Token: SeShutdownPrivilege 1172 510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

description	pid	process
Token: SeShutdownPrivilege	1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

pid	process
1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

description	pid	process	target process
PID 1172 wrote to memory of 1704	1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
PID 1172 wrote to memory of 1704	1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
PID 1172 wrote to memory of 1704	1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
PID 1172 wrote to memory of 1704	1172	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
"C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1172

C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
"C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe" /_ShowProgress
2⤵
PID:1704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1172-54-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download
memory/1172-55-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1172-59-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1172-58-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1172-60-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1172-61-0x0000000000250000-0x00000000002FD000-memory.dmp

Filesize
692KB

Download
memory/1172-62-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1172-63-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1172-64-0x0000000001CA0000-0x0000000001DE6000-memory.dmp

Filesize
1.3MB

Download
memory/1704-65-0x0000000000000000-mapping.dmp

Download
memory/1704-67-0x0000000001DB0000-0x0000000001EF6000-memory.dmp

Filesize
1.3MB

Download
memory/1704-70-0x0000000001DB0000-0x0000000001EF6000-memory.dmp

Filesize
1.3MB

Download
memory/1704-71-0x0000000001DB0000-0x0000000001EF6000-memory.dmp

Filesize
1.3MB

Download
memory/1704-72-0x0000000001DB0000-0x0000000001EF6000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads