f182e27276be3f863a52680c997b1860420d4eadf05583a1e986c493318bbd20

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
26/11/2023, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

acdec80459a8ff4f2fae74089edce3ff.exe
Size

34KB
MD5

acdec80459a8ff4f2fae74089edce3ff
SHA1

8e9cd775245bd6bf86ce1ea7761b0b99eb3dd8af
SHA256

f182e27276be3f863a52680c997b1860420d4eadf05583a1e986c493318bbd20
SHA512

2d7642603d9a2dfdd9a2b6327d5c16c48fa991d965683fcd37645e104963776ffcbc11ae5783afe5e3d406272ac8d43eb6782dfbb9c175686b315db3e0f873a6
SSDEEP

768:pwy7luXqnKZ3URe/cqhVnjBsuC1bfeFb1RbfrFFd:aypnKZ3Ulchtsl1bfw/frFn

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-1-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-3-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-5-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-7-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-9-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-11-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-13-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-18.dat	upx
behavioral1/memory/2340-96-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2340-146-0x0000000000800000-0x000000000080E200-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	acdec80459a8ff4f2fae74089edce3ff.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\ja-JP\index.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ICQ 4 Lite.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\index.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\Harry Potter.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\Winamp 5.0 (en).ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\Winamp 5.0 (en) Crack.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\Winamp 5.0 (en) Crack.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\Winamp 5.0 (en).ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\ICQ 4 Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\WinRAR.v.3.2.and.key.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\Winamp 5.0 (en).exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\Winamp 5.0 (en) Crack.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\ICQ 4 Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\WinRAR.v.3.2.and.key.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\WinRAR.v.3.2.and.key.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\index.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Harry Potter.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\Kazaa Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\index.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Kazaa Lite.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\Winamp 5.0 (en).com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\Winamp 5.0 (en) Crack.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\WinRAR.v.3.2.and.key.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Winamp 5.0 (en) Crack.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\Harry Potter.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\Winamp 5.0 (en).exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\ICQ 4 Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\Kazaa Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\Kazaa Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\index.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\Kazaa Lite.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\Winamp 5.0 (en) Crack.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\Winamp 5.0 (en).com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\Winamp 5.0 (en).ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\WinRAR.v.3.2.and.key.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\Kazaa Lite.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Kazaa Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\index.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\ICQ 4 Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\ICQ 4 Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\ICQ 4 Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\WinRAR.v.3.2.and.key.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\Harry Potter.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\Kazaa Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Kazaa Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Winamp 5.0 (en) Crack.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Kazaa Lite.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\Winamp 5.0 (en) Crack.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\Kazaa Lite.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\Harry Potter.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\Winamp 5.0 (en) Crack.com	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\ICQ 4 Lite.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\Winamp 5.0 (en) Crack.ShareReactor.com	acdec80459a8ff4f2fae74089edce3ff.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	acdec80459a8ff4f2fae74089edce3ff.exe
File created	C:\Windows\lsass.exe	acdec80459a8ff4f2fae74089edce3ff.exe

C:\Users\Admin\AppData\Local\Temp\acdec80459a8ff4f2fae74089edce3ff.exe
"C:\Users\Admin\AppData\Local\Temp\acdec80459a8ff4f2fae74089edce3ff.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp4E4F.tmp

Filesize
34KB

MD5
09b255bde98ca309afddcec2c7d7ff92

SHA1
2c1dca82860feba55506be4b2cb0a7a49e3d6ae1

SHA256
49fb9d8df134f5bd2f19361af2f9165dc2aceeda627f9bf67b3975b56b2d15ae

SHA512
231df4a7446f33ddf7b8c68b77c1edd0f168c1d93067c5437ae763f90a9cb00240f35e203cae53b87c1795f57c749c70a62eedc71b0112435a116de8b0541fa9

Download Submit
memory/2340-1-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-3-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-5-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-7-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-9-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-11-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-13-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-96-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2340-146-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads