03188a4a6ad590337e33ab48730ad84c14fda9227ca1eb977e74d38adeb4408d

Analysis

max time kernel
183s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 00:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ʿȸVSP3[Ż].exe
Size

1.2MB
MD5

e1928a97b39a247ed9405db9120b40f4
SHA1

75f3eaa287db9a9b73a0396a04646177a3ca8a03
SHA256

bb6d80cb5885074f9732ba642b1f94262a14ed6e80b0d1ebe52fc10385c32bcd
SHA512

e5b79c4b43c46782677d2f3c3d6ca1bded797bb145d94e95d830e010ec411946d50f2a8006dff9439294988309ead70be8d1ddf3f6374e8d08df864f34f4bd1f
SSDEEP

24576:e32EVAR1qMT+4OcwRKpDExR+Kp2B+tNX8gEactizx0Zl0:oR+ClEDgonB+tNX8atW

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3276-132-0x0000000000400000-0x0000000000640000-memory.dmp	upx
behavioral2/memory/3276-133-0x0000000000400000-0x0000000000640000-memory.dmp	upx

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://www.2345.com/?kwczangsq"	ʿȸVSP3[Ż].exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3276	ʿȸVSP3[Ż].exe
3276	ʿȸVSP3[Ż].exe

C:\Users\Admin\AppData\Local\Temp\ʿȸVSP3[Ż].exe
"C:\Users\Admin\AppData\Local\Temp\ʿȸVSP3[Ż].exe"
1⤵
- Modifies Internet Explorer start page
- Suspicious use of SetWindowsHookEx
PID:3276

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3276-132-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/3276-133-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download