e41bf579dd28fe5159a762cb2fecabd6b807492a4471b4a7700a93e613bdae17

Analysis

max time kernel
0s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

057c9b33453e8831a538d26c177a35ea.exe
Size

812KB
MD5

057c9b33453e8831a538d26c177a35ea
SHA1

383c369848c6e1f106becdb0589a6c89807cffe1
SHA256

e41bf579dd28fe5159a762cb2fecabd6b807492a4471b4a7700a93e613bdae17
SHA512

0d8055fba4ab04dd1bd6756d63f59401a8eab57b8d8217af106ae6a54daf7b3dd0ea87e7e3d4bf1cca56d41cb6093d2153b5fad17365dae5973d021a0da94485
SSDEEP

24576:28cOqTVRvsEzFcZTV6PeXMtYqONE4WtkOLF:21TVhzFdmXgN4WtkO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x0000000000400000-0x00000000005F5000-memory.dmp	upx
behavioral1/memory/1668-203-0x0000000000400000-0x00000000005F5000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	057c9b33453e8831a538d26c177a35ea.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1668	057c9b33453e8831a538d26c177a35ea.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1668	057c9b33453e8831a538d26c177a35ea.exe
1668	057c9b33453e8831a538d26c177a35ea.exe

C:\Users\Admin\AppData\Local\Temp\057c9b33453e8831a538d26c177a35ea.exe
"C:\Users\Admin\AppData\Local\Temp\057c9b33453e8831a538d26c177a35ea.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\css\style-ie7.css

Filesize
904B

MD5
e97cf620f6ef33056ebc9f7886954a72

SHA1
ce2f78f6751e09b8476d6153a79104a26c2a0780

SHA256
a7b66e20140881d7b57009fc22647b005c0a94515d66af57367302a34227c66b

SHA512
7d8a8e0b91c8d45d7f42076c456ddd6fd7836269d15b3128c630c93be599a4f5bcf3207ca59d2a1fc7c535a7c6e052ef5f8f7a21c30c3b3f388f4a12268183ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\css\style.css

Filesize
7KB

MD5
375fbce0d3ce00ffeec19c01d8a09ce0

SHA1
5a891b4b57fa6f981591d690fb1baa48fbcc5900

SHA256
4c1fa801f576dc216d1c4e0315a8ca038c2686ceaeae69c8add5aa5ab47a991c

SHA512
41533141dd4a941dac3b63157a4cdd33157a9b7c4aa39bae2a4bf66c25b46a1fa9380224513c386ecfed3fb9437152f66002d3342063392744e7b8a2e655b3f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\img\start_en.jpg

Filesize
1KB

MD5
12210c5c4d22a29ba5aa5a9dce3be980

SHA1
a846d94130370099b77d9f469383f283591e3b33

SHA256
d3feae909b667e7117cdca18f386fe70cfaf48d99286fa7d66a7157d385d275a

SHA512
39d009cbc987d5f42728b6787dd3d03892a9360f3b39b8aa996322778749e48f3bd3112bec094a100ed22f974e15ef84ea3051512d9d4d648aa06e23f719ae3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
14KB

MD5
45da7454462500ab0f7bc9607b46640b

SHA1
304553661f17a3de85f7e235c4e39ba68dd7e109

SHA256
3e9b0fb2f2f2dc142459ea7288a1a5c20ae689d7d0c09ca9f7d87b7c1e2880db

SHA512
f5d8619a44d4be7f3dff401c4ce3dc26f500284f5f995c971ab70fb47c60d1c72552a9e7ed35103a228f8d01362cc5a6ff62d6b5924f582254bda45d93f7e632

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\scripts\DD_belatedPNG.js

Filesize
5KB

MD5
57ee2d36557e167776225f8a82b84694

SHA1
18474ac433af6fd19d3205071998feaf330b6151

SHA256
8c61dcfbc3dda3c82b2bbe977d816ed71cfb98a12545f2b2b1d218178e13b238

SHA512
e3b4ade10bcb823dc3c0d717e74430a7e74da529a277d4fb2736c3fa9477a1de8dec3c736c0b1a052cd53e3613d936a35ee058edc4045ac5b87dd79a525602d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\scripts\jquery.js

Filesize
77KB

MD5
8d4f527d8b08f22f503904cb1cba14c9

SHA1
01fdbb41ddcebfc2eca7b5284cc9c94f531fcee0

SHA256
2b7a7705aa251155c1989a9eea1a1cbdbd742b2dce8edea2a810db260b0d6058

SHA512
9f0bcf0f1ed65513190ff8add0d6570ad294fd8a6efb4f66f8273e90fbd3b88cbb2baf74800ec8d9acb1cacadef601dce5e6f548830ef58482908012d111d035

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\scripts\scripts.js

Filesize
2KB

MD5
11614da957e14244ade91e50bb2cbf60

SHA1
088a204174e81f90ef746f65a980de079518cc2d

SHA256
4c7edbc76ee5063dda92a378b41f7d6f4c88489bf6fb9a536794cbfc483e53be

SHA512
b994d321160e89c570e348db95eed3932361e167dd9612a21f3d10bffad3e9a1cb4778ac50fb9dfb7389236236137b6b79943b0c77ff3c3aa4aadd550f6defd8

Download Submit
memory/1668-0-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/1668-1-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download
memory/1668-203-0x0000000000400000-0x00000000005F5000-memory.dmp

Filesize
2.0MB

Download
memory/1668-205-0x00000000007A0000-0x00000000007A1000-memory.dmp

Filesize
4KB

Download