003fb2bbf5fc0859c558c6895e895c743d5f781c4ddbba37dc34861da169aa65

General

Target

1e9da9dc5240ebfea5109c44780ce91b.exe
Size

570KB
MD5

1e9da9dc5240ebfea5109c44780ce91b
SHA1

4e8b3b4769aec3696f4fc0f39f68cbf62d595cd8
SHA256

003fb2bbf5fc0859c558c6895e895c743d5f781c4ddbba37dc34861da169aa65
SHA512

5ae6667ca384663b336cdcd569c76a2b8b733fb5883ed414fca65aefa9cd1e4fd402403c35fb4fd21e9a7bfddf626f47f652446c60a64ebd0716317c3eb2ebae
SSDEEP

12288:hm6CzRcxuCKexx/w/hN86wiEB7y0LZ4MQ1dz:EVzdcxxchNHwxB7vuMmdz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1732-2-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-1-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-0-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-161-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-162-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-163-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-164-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-167-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-168-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-169-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-171-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-172-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-173-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-174-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-175-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-176-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-177-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-178-0x0000000000400000-0x0000000000520000-memory.dmp	upx
behavioral1/memory/1732-179-0x0000000000400000-0x0000000000520000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	1e9da9dc5240ebfea5109c44780ce91b.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1732	1e9da9dc5240ebfea5109c44780ce91b.exe
1732	1e9da9dc5240ebfea5109c44780ce91b.exe

C:\Users\Admin\AppData\Local\Temp\1e9da9dc5240ebfea5109c44780ce91b.exe
"C:\Users\Admin\AppData\Local\Temp\1e9da9dc5240ebfea5109c44780ce91b.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1732-2-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1732-1-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-0-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-130-0x00000000023B0000-0x00000000023C0000-memory.dmp

Filesize
64KB

Download
memory/1732-161-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-162-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-163-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-165-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1732-164-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-166-0x00000000023B0000-0x00000000023C0000-memory.dmp

Filesize
64KB

Download
memory/1732-167-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-168-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-169-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-171-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-172-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-173-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-174-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-175-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-176-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-177-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-178-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download
memory/1732-179-0x0000000000400000-0x0000000000520000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing