3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334

General

Target

3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
Size

2.4MB
MD5

369a32be1130150c1f45137d32126867
SHA1

9005d8aed8f2cc0b1212ea61e4e8d487be0c75cf
SHA256

3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334
SHA512

af35d057c97e0e75301fe7997737c8d0259296d6e27e7c7669aa688eeafceb53967ff87e9471016689c704709a663a1d221145667d6481104712fa28860e4997
SSDEEP

49152:lu0BqUz/0h0qMYvc/BL8pv3lSgPtXnRIpUbFwaDDCgv+FQJ8VFnd:B/i0qMYEJL8N3lSCRRlyaDD02kFnd

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3168-132-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-136-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-138-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-142-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-152-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3168-175-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\163.com	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\163.com\NumberOfSubdomains = "1"	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Internet Explorer\DOMStorage\163.com	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3168	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
3168	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
3168	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
3168	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
3168	3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe

C:\Users\Admin\AppData\Local\Temp\3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe
"C:\Users\Admin\AppData\Local\Temp\3af6932bad2b86aaeacc5797519dc5a78580cdc60173f14ea379b8431e704334.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3168

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3168-132-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-136-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-138-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-142-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-152-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3168-175-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing