1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562

Analysis

max time kernel
150s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
09/01/2023, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Size

2.5MB
MD5

c49ac6f6a596a72bbe361fd99886c2af
SHA1

2d36c8ea93bb5689c0eeb3b6effd56eda06a097f
SHA256

1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562
SHA512

58a7edec8d2ba146ab0cd77c90ab8419de78f416ab567729d9cd4df94627a386fe408954934b7e71602c1fe25ab87c855db4a67174027a3e7a079821d10c4880
SSDEEP

49152:EUJSTEuvLDLk2OxS+s8KuqGaX0ToIBAUZLYp:xKEuvbkjJBAUZLe

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/364-55-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral1/memory/364-56-0x0000000010000000-0x0000000010018000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\snqxzpt.ini	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: SeIncBasePriorityPrivilege	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
Token: 33	364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
364	1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe

C:\Users\Admin\AppData\Local\Temp\1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe
"C:\Users\Admin\AppData\Local\Temp\1b87430a0dad87db6d7b958eadb2ef5e8ef7de2df9f232f191c41fcca226f562.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/364-54-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download
memory/364-55-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/364-56-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download