e47a77788d6bea6fa60ae46b3fc1f67a8b5a333754dde313687382169fa2fba5

Analysis

max time kernel
0s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

191116e0821e26ec1fa24ecda5d20b24.exe
Size

7KB
MD5

191116e0821e26ec1fa24ecda5d20b24
SHA1

2284fade8baac17afd1c60215d14ff55618b3b93
SHA256

e47a77788d6bea6fa60ae46b3fc1f67a8b5a333754dde313687382169fa2fba5
SHA512

984bd17dd36ba63e5e571aadcf1bea53a4579531ec3f6bee969b7ba754df32bad70e23c908977526f246a0e1fcb38191ad9d1a1557dd99534124760bf9ef06b2
SSDEEP

192:jE59NYRGDHNH6uQ6oWD1KYr0TEMbEQZxYP+58:jG9NuGrJ6u5DfOEIEWi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4060-0-0x0000000000400000-0x0000000000408000-memory.dmp	upx
behavioral2/memory/4060-1-0x0000000000400000-0x0000000000408000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{71C22031-A2EF-11EE-A0B6-E650309876D8} = "0"	iexplore.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4060	191116e0821e26ec1fa24ecda5d20b24.exe
1492	iexplore.exe
1492	iexplore.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 1492	4060	191116e0821e26ec1fa24ecda5d20b24.exe	16
PID 4060 wrote to memory of 1492	4060	191116e0821e26ec1fa24ecda5d20b24.exe	16
PID 1492 wrote to memory of 2984	1492	iexplore.exe	18
PID 1492 wrote to memory of 2984	1492	iexplore.exe	18
PID 1492 wrote to memory of 2984	1492	iexplore.exe	18

C:\Users\Admin\AppData\Local\Temp\191116e0821e26ec1fa24ecda5d20b24.exe
"C:\Users\Admin\AppData\Local\Temp\191116e0821e26ec1fa24ecda5d20b24.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" "http://ads.regiedepub.com/cgi-bin/advert/getads?did=43&tohto=titi&soso=sisih"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1492 CREDAT:17410 /prefetch:2
    3⤵
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC4C7.tmp

Filesize
1KB

MD5
eb67baf06a1d94f22035da0b59a13d1d

SHA1
68948612d15d7eea6fbdb80371d9c7f78ff9b189

SHA256
428769b8aa88bd8024d80218948cd9af21332cc919bced628a7d8261aaffd800

SHA512
cc0f8e6fc3bb6765993e1074b4e34e8de49acb9c771635c02f3471249eaddd6c5a549cf492ebddf1af2e90d82cdb3f7a603fc0443334b9d4131ca78c50a085a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\px[1].js

Filesize
476B

MD5
d2183968f9080b37babfeba3ccf10df2

SHA1
24b9cf589ee6789e567fac3ae5acfc25826d00c6

SHA256
4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

SHA512
0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US

Filesize
9KB

MD5
2b1464ff0f5e8cb74e195976b6ea868d

SHA1
dc795445ca695b434f7e52df385d865156958cad

SHA256
538c243118d7582d0af51f13197b958b49720d633945685ff04788a9b9b3fbdb

SHA512
14d23ab4d79773b1ceb38c73ba8d5f44c8498ddc0e2f2fc7c0be9f11b050b225436ad344baf2530f2fbd61104a767695be4b95fdc51cd04b647837fb1f998038

Download Submit
memory/4060-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4060-1-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download