34b3e610cfb0c53df98ad9247a3a353fb2868b8d1743b53ecfc48362c60d6a81

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14f66dfb5db0867fb0f9c83ec8831de2.exe
Size

82KB
MD5

14f66dfb5db0867fb0f9c83ec8831de2
SHA1

16c580bbc25ce0e6275b23dde8fffb3b5badb7a0
SHA256

34b3e610cfb0c53df98ad9247a3a353fb2868b8d1743b53ecfc48362c60d6a81
SHA512

ba13d4e622df9f0f35207109e1a08c2cbf00a999107d70ee4db7ffa8c1fc453e9499e62226d1889518a506c2bc166daa55dff73f672410a1464d531df5296a4b
SSDEEP

192:7G8Isn7IZxW81qsXIfzdeL/jKfP1FA/sDM/oOu5EXdmtkEnxIT1WEyncjWOL2edD:73IsWW6qbYL0PnAkQnu5EXSniT1in8jR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2560-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx
behavioral1/memory/2560-7-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2284	2560	WerFault.exe	27

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	14f66dfb5db0867fb0f9c83ec8831de2.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "about:blank"	14f66dfb5db0867fb0f9c83ec8831de2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2284	2560	14f66dfb5db0867fb0f9c83ec8831de2.exe	29
PID 2560 wrote to memory of 2284	2560	14f66dfb5db0867fb0f9c83ec8831de2.exe	29
PID 2560 wrote to memory of 2284	2560	14f66dfb5db0867fb0f9c83ec8831de2.exe	29
PID 2560 wrote to memory of 2284	2560	14f66dfb5db0867fb0f9c83ec8831de2.exe	29

C:\Users\Admin\AppData\Local\Temp\14f66dfb5db0867fb0f9c83ec8831de2.exe
"C:\Users\Admin\AppData\Local\Temp\14f66dfb5db0867fb0f9c83ec8831de2.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 416
  2⤵
  - Program crash
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exsplorer.lnk

Filesize
252B

MD5
ad3ddb5089e3a61a2f9eaeb81f52e7ad

SHA1
4f2a82e3c3996cd6337d282c79196a1b0e904873

SHA256
aa0b4ea98a7007f429d544d011dcff079a00118657c22cc95930fc0bfc943fdb

SHA512
6129e7b1a631ab98935f5c6237740a04288b7799d98a827d8abb338a70f91f03893621570de9f2d4dc8d29d0ad5ed3bed01d29df8a58d5be0d683167ead5e747

Download Submit
memory/2560-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2560-7-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads