507953023e4877b6aa0c41985edb39f00b83ac314aad50e8c4704e6a60d10ace

General

Target

0121dc70db163365895d5e65a8846475.exe
Size

794KB
MD5

0121dc70db163365895d5e65a8846475
SHA1

8ca1d86d0c93f2b962bada6e60c221f15ed001db
SHA256

507953023e4877b6aa0c41985edb39f00b83ac314aad50e8c4704e6a60d10ace
SHA512

d9a4f8d9c53d4f2e5bd562c01761172f2daa2fe9612496b9b3c0d74d9863898b4b6bbda94ffdd91241d25f5642185a55eaed4d0c9d9cfcc05b4ca781be1bdeb3
SSDEEP

24576:q9dMul4lMV7JhDy6wahS6raC5W/vbv08EqMz:iVthO6Rh3aC50bv08Eq6

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3852-0-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-1-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-2-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-148-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-149-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-150-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-151-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-153-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-154-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-155-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-157-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-158-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-159-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-160-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-161-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-162-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-163-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-164-0x0000000000400000-0x0000000000588000-memory.dmp	upx
behavioral2/memory/3852-165-0x0000000000400000-0x0000000000588000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240603187.log	0121dc70db163365895d5e65a8846475.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3852	0121dc70db163365895d5e65a8846475.exe
3852	0121dc70db163365895d5e65a8846475.exe

C:\Users\Admin\AppData\Local\Temp\0121dc70db163365895d5e65a8846475.exe
"C:\Users\Admin\AppData\Local\Temp\0121dc70db163365895d5e65a8846475.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240602593\bootstrap_41359.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
ca913240f3c5b51aa404ae23d8893a2f

SHA1
052090ca9b1e0c8f96a5b75258a6dd3975cd9227

SHA256
8f67635d39f2eda26c117cbc758a00766d7881d3bf6a605ec5b718c768feb7d5

SHA512
59dbd423086926849ca2d2c6039f008da51435b982565c3d6536e6b944485de31a1690054a3a71350d7c516c522bfa8993150a05aabbc8f952890eb15486246a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\css\style.css

Filesize
8KB

MD5
e18d16e57a247fe8e0d566464963c7f5

SHA1
5ecc46bb1a8180cb257e3ffc5ed8b2cf9d6ba3ff

SHA256
460a5c3e75e37f0fd7fd8ba70533eebc8782aae287d4d7e33cb930b218d90c88

SHA512
bfcb2cb6baf7a7b99a95949c851dad1bd18c018c07385c57dd4cfae05faa01d6dd67378b5b42c9b4425abeff8b1d229f8cffcf9b18a2492c201bd7f8d8f225ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\back_butt.png

Filesize
2KB

MD5
95b7b97f8e0008b79aa310beaa4d10a5

SHA1
2ef1a45473c1afc746a4b3c876c858037e63a7e0

SHA256
2e38a827a2e8b8c977493a3cf2e0127d392caaf12b9d355754edde383583a57d

SHA512
cce457a16f2d6962f728bd51e7c457598c26ff2600e03e8cc65e5c2223e98cd237dc6b7a5c2f5072802889e056c02ae26f9da516e8301197cfa688e14d32c6a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\bg_logo.jpg

Filesize
52KB

MD5
69ef507ee02acb882aec2e94c414863f

SHA1
4e2207f788e591b65452c1b8dc63c0ebf724b7d7

SHA256
76ab7b546eba7ac52b029eb9ff4f75647c34cb174b5030f8cbd38a0a905bf012

SHA512
87e48482b45fe9f805fdf598be3f189ca7fe25bd8d8fd6988729d82d1c6d1781b14d22345f32bd28308dd2ef07369e783d96b42c0dacd49b3a5bb4239c00555a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\nxt_butt.png

Filesize
4KB

MD5
8a166eeb3e3e2a4fed0e0330a727c378

SHA1
d8bcd5d53f28bbbed593f082b912678b415c9983

SHA256
8098f00c3587ded9d30ccb1ae80d907a4924da7caf7abd786f9c06e31cc10f87

SHA512
79572eb6b38ff9d308f5b0109e7181da6e02a2e22d55b48ce74ba7dfe400eb14ae456cb31973290bf4c12e629252204b0f9f35995cb828f6ea886f6fe9bdf832

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\x.png

Filesize
1KB

MD5
ab987eed739ee72870e8834a02453826

SHA1
8f58e77c51ede9facb6fa81e82fd2025019b9a97

SHA256
67f5e189dde2b27cdd9ad6750c4e606fd6fc5f10770a3f001e7e4370343070c8

SHA512
24198568abe1ec25802d223d26104b2e967a89e41cffed2a05b3d37fc7be1324eb10ac98f29f3282c3f0b6962f69d992c99635ec4e47bb0af5d014d1b26d79cf

Download Submit
memory/3852-151-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-155-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-2-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-1-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-148-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-149-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-150-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-0-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-152-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/3852-153-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-154-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-3-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/3852-157-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-158-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-159-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-160-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-161-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-162-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-163-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-164-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download
memory/3852-165-0x0000000000400000-0x0000000000588000-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing