db75cf8aab778cbc5863fe6a7dc6f1003242f295a5bfdc299c6509482c7f8298

General

Target

178f469f22dfe877c68ba85bc7dd872b.exe
Size

1.3MB
MD5

178f469f22dfe877c68ba85bc7dd872b
SHA1

f8c6dce3649759ff34d5bbc3f05cb78b0ddc2fee
SHA256

db75cf8aab778cbc5863fe6a7dc6f1003242f295a5bfdc299c6509482c7f8298
SHA512

aa0bbde76b3e85e493b368bda5602281ee739818ce6f84dc5fed06c5dacc8efa8fe6719b4d5360829e7e31feaf8d3d97922bdfbf936535d8cc821e5d66ae47de
SSDEEP

24576:rEXnqWR/rz1xYK9CKIl0ObTF8DjHe/YR3Tcf8cmr1eUGoHT6t3+PZKt7Xke7zKzi:gqW5UK9CKIlbbTFV/H8c+eUtHT6wPq77

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2560-0-0x0000000000400000-0x00000000004BD000-memory.dmp	upx
behavioral1/memory/2560-14-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-36-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-51-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-59-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-58-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-57-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-55-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-53-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-48-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-46-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-44-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-42-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-40-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-38-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-34-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-32-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-30-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-28-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-26-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-24-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-22-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-20-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-18-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-15-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-16-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-13-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-12-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-10-0x0000000000280000-0x00000000002BE000-memory.dmp	upx
behavioral1/memory/2560-172-0x0000000000400000-0x00000000004BD000-memory.dmp	upx
behavioral1/memory/2560-194-0x0000000000280000-0x00000000002BE000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main	178f469f22dfe877c68ba85bc7dd872b.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe
2560	178f469f22dfe877c68ba85bc7dd872b.exe

C:\Users\Admin\AppData\Local\Temp\178f469f22dfe877c68ba85bc7dd872b.exe
"C:\Users\Admin\AppData\Local\Temp\178f469f22dfe877c68ba85bc7dd872b.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\E_N4\krnln.fnr

Filesize
382KB

MD5
6f62a128317dc3990bb4cd30742ddeee

SHA1
b04584b9e01c4b5fd28fbca1e10484dbbcb70db7

SHA256
d7d7b66c43181bd86335b25ba81cedaf624c64497e8465ee6a15d59f76f793b9

SHA512
de616bc293e1eedfb792c2a525b52bf29162e33e8280b74a26d24adecb0e58ffaa6131270e6ca9310044f2c4498b361b3e950532089a5118926802c0ebcab53e

Download Submit
memory/2560-34-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-36-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-51-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-65-0x0000000002100000-0x0000000002144000-memory.dmp

Filesize
272KB

Download
memory/2560-61-0x0000000001DA0000-0x0000000001DE4000-memory.dmp

Filesize
272KB

Download
memory/2560-68-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/2560-59-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-58-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-57-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-55-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-53-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-48-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-46-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-44-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-42-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-40-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-0-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2560-38-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-13-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-30-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-28-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-26-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-24-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-22-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-20-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-18-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-15-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-16-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-32-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-12-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-10-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-14-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download
memory/2560-71-0x0000000003050000-0x0000000003051000-memory.dmp

Filesize
4KB

Download
memory/2560-70-0x00000000002D0000-0x00000000003D0000-memory.dmp

Filesize
1024KB

Download
memory/2560-172-0x0000000000400000-0x00000000004BD000-memory.dmp

Filesize
756KB

Download
memory/2560-194-0x0000000000280000-0x00000000002BE000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing