d66875a33e33bd8e059889fe5f739a1982926a24f0b3f18d13836082f65680bf

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 17:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50936cf921bffe980f79e011f7dd0f94.exe
Size

34KB
MD5

50936cf921bffe980f79e011f7dd0f94
SHA1

5f050ac48099f29a7a29f1a9790c63c783eef3ad
SHA256

d66875a33e33bd8e059889fe5f739a1982926a24f0b3f18d13836082f65680bf
SHA512

d38135930bd82d7493059756e730a5fb1ec029cd0511fe60f499393d84d306635d6063b73ca8e009937a846d8d6189dabacf31bfc70f4a15dad84bb0208264f0
SSDEEP

768:pwy7luXqnKZ3URe/cqhVnjBsuC1bfeFb1RbfrFFPr:aypnKZ3Ulchtsl1bfw/frFtr

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-3-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-5-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-7-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-9-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/files/0x0005000000004ed7-18.dat	upx
behavioral1/memory/2936-118-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-141-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-142-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-143-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-176-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-177-0x0000000000800000-0x000000000080E200-memory.dmp	upx
behavioral1/memory/2936-179-0x0000000000800000-0x000000000080E200-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Traybar = "C:\\Windows\\lsass.exe"	50936cf921bffe980f79e011f7dd0f94.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\de-DE\index.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\ICQ 4 Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\Harry Potter.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\Harry Potter.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\en-US\index.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\Winamp 5.0 (en).ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\it-IT\Kazaa Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\ICQ 4 Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\index.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\ICQ 4 Lite.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\Kazaa Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\en-US\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\Kazaa Lite.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\Winamp 5.0 (en) Crack.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\Winamp 5.0 (en).com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\it-IT\ICQ 4 Lite.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\Winamp 5.0 (en).exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\es-ES\WinRAR.v.3.2.and.key.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\index.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\WinRAR.v.3.2.and.key.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\ICQ 4 Lite.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\Winamp 5.0 (en).ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\index.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\Kazaa Lite.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\Winamp 5.0 (en) Crack.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\index.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\ja-JP\Winamp 5.0 (en).ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\Kazaa Lite.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\WinRAR.v.3.2.and.key.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\Kazaa Lite.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\TextConv\fr-FR\ICQ 4 Lite.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\de-DE\ICQ 4 Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\WinRAR.v.3.2.and.key.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\WinRAR.v.3.2.and.key.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\Winamp 5.0 (en).exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Triedit\es-ES\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\Winamp 5.0 (en).exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\Winamp 5.0 (en) Crack.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ICQ 4 Lite.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\WinRAR.v.3.2.and.key.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\Winamp 5.0 (en) Crack.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\index.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\Kazaa Lite.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\WinRAR.v.3.2.and.key.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\WinRAR.v.3.2.and.key.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\Winamp 5.0 (en) Crack.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\Kazaa Lite.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\Winamp 5.0 (en) Crack.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\Harry Potter.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Winamp 5.0 (en).exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\Winamp 5.0 (en) Crack.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Winamp 5.0 (en) Crack.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\index.ShareReactor.com	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\WinRAR.v.3.2.and.key.exe	50936cf921bffe980f79e011f7dd0f94.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\lsass.exe	50936cf921bffe980f79e011f7dd0f94.exe
File created	C:\Windows\lsass.exe	50936cf921bffe980f79e011f7dd0f94.exe

C:\Users\Admin\AppData\Local\Temp\50936cf921bffe980f79e011f7dd0f94.exe
"C:\Users\Admin\AppData\Local\Temp\50936cf921bffe980f79e011f7dd0f94.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpA23A.tmp

Filesize
34KB

MD5
eaf7a8c656c2fd214a0426f819abda04

SHA1
e5b8db62dd3948440e907300b91e7d01080c5096

SHA256
b014426e71bb117f604f28233187baa858df588475f950c485dd0a48efb5e3be

SHA512
e25bc45b53f6efc9f1e3d638f9949a4a1e36354a091b0d357933498b60d2478dc092b7467670657459d2f596178f0efd5a6e77f5e03cb55dc2369cb24a17f2f0

Download Submit
memory/2936-118-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-5-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-7-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-9-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-3-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-0-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-141-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-142-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-143-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-176-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-177-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download
memory/2936-179-0x0000000000800000-0x000000000080E200-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads