6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609

General

Target

6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
Size

447KB
MD5

723e044f169b27cbce8dcfc2394d1f85
SHA1

f2815a97d5a06a7138535bd01e4ecc7e11ef3739
SHA256

6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609
SHA512

10478eb78001d26354575090bc1936c2dc188abd59b039e63265d94267a259956afba5900f9267538b4ad17d4f594ce89575cde7e3f9f1653bdabd82c8cd1db7
SSDEEP

6144:TctgbMGx68oRRUkntcQMP6viGfjYRM+s9uM1fgeKw3lnPyYX91UN/k8p5+wn0n68:0aVaU4cQMy1sage7kYtwhp5+wSNyu

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4840-132-0x0000000000400000-0x0000000000519000-memory.dmp	upx
behavioral2/memory/4840-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-135-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-137-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-178-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-179-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4840-180-0x0000000000400000-0x0000000000519000-memory.dmp	upx
behavioral2/memory/4840-181-0x0000000000400000-0x0000000000519000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\IESettingSync	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
4840	6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe

C:\Users\Admin\AppData\Local\Temp\6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe
"C:\Users\Admin\AppData\Local\Temp\6057fcdcbf5f69154dab3dd7d9f1c5d129d90ef0628b94c70d46b0fa9c2ec609.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4840

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4840-132-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/4840-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-135-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-137-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-178-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-179-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4840-180-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download
memory/4840-181-0x0000000000400000-0x0000000000519000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing