49e432a95d1f9046177075d1d567d9fdeabcb6754119fb36d94e3f70dd11487f

Analysis

max time kernel
152s
max time network
159s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/12/2022, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FileUploader.exe
Size

2.4MB
MD5

3524bf075483daee7600be10d7414630
SHA1

6f549661d0bad58ebe8cbcd62f3051bb09f5cf9e
SHA256

49e432a95d1f9046177075d1d567d9fdeabcb6754119fb36d94e3f70dd11487f
SHA512

37c1f1f090e9c2d569aac7cb05813c7415814c46b07659a779972237e350a542149586e16d80a74f45597d0adfe7c6f76fcb0595f70f679483c93b617867bf0c
SSDEEP

49152:ZPF6u4jPKBN2Y5UOulpM3MEgi7Ls5JyhGJFZBHDSt5E:lpY1Y5kf+M/i7Ls5JRSt5E

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3844	FileUploader.exe
3844	FileUploader.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FileUploader.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	FileUploader.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\FileUploader.exe = "11000"	FileUploader.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe
3844	FileUploader.exe

C:\Users\Admin\AppData\Local\Temp\FileUploader.exe
"C:\Users\Admin\AppData\Local\Temp\FileUploader.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\FileUploader\libeay32.dll

Filesize
1.2MB

MD5
ca9c8994cea09980530702242c331a85

SHA1
1676a23f97b4a620a733e64b6cc5da4a902e3360

SHA256
039b8b6fdc3e8a119812fd147c36b2a96424e7326371ca765cd6530429443e83

SHA512
fddac03088ffc095f73274752bb6705bbef80f8d32b233edb86ecccddb4657b0d03531dcaebe4f8abe91cf6b286d3d0a187df307e13bbd41b22b7eb70de32592

Download Submit
\ProgramData\FileUploader\ssleay32.dll

Filesize
328KB

MD5
605e7e2dd50d4cbabea235263f92996f

SHA1
ac3caf0d640ce6b33a01f2a7fa76410f73e520bc

SHA256
8b44b130bdaa368a31d54c1a73d5ca19dfb87d55ad0dc44494bf2a72a0f8a0c8

SHA512
42be57764a8021140091a63108c879408a6899f4df1a53ecebdff67a955083edf61901d996f865e0f47a48272f17aa01a13221c568b8126bb321065214517c6a

Download Submit
memory/3844-115-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-116-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-117-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-118-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-119-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-120-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-121-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-122-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-123-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-124-0x0000000000400000-0x0000000000D1E000-memory.dmp

Filesize
9.1MB

Download
memory/3844-125-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-126-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-127-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-128-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-129-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-131-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-130-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-132-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-133-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-135-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-134-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-136-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-137-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-139-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-140-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-138-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-141-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-142-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-143-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-144-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-145-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-146-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-147-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-148-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-150-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-149-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-152-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-153-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-151-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-155-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-156-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-154-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-157-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-158-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-159-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-160-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-161-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-162-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-163-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-164-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-165-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-166-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-167-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-168-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-169-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-170-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-171-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-172-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-173-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-174-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-175-0x0000000000400000-0x0000000000D1E000-memory.dmp

Filesize
9.1MB

Download
memory/3844-176-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-177-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-178-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-179-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download
memory/3844-180-0x0000000076EC0000-0x000000007704E000-memory.dmp

Filesize
1.6MB

Download