b7bfa49f197cce4ecc93c1c4080e34f35e2c66235939e77066a9ac9882e08ae4

Analysis

max time kernel
141s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14e8b90294cbcbc81562106b694e3cd0.exe
Size

1.6MB
MD5

14e8b90294cbcbc81562106b694e3cd0
SHA1

cc3e3344a6f8c932f22ed1e031dfd940f12125ca
SHA256

b7bfa49f197cce4ecc93c1c4080e34f35e2c66235939e77066a9ac9882e08ae4
SHA512

a75d033dbff84a3d6501db4a9fdda88d2f12d1861d841d17786d22c159863b632862bbf3fdbf06a55a951d3a0d52be2c4b200b84cf6c20723e9dbba2838d9b84
SSDEEP

24576:bFQNChBD+F6kxZC4YxzY5JaC2bfa0cTaAUW6P/6f8wCViZ6H5y5ebWvWESi2VKKG:bSNCCkQwwWf1ua/WPWiZoJaOENbD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/356-0-0x00000000009E0000-0x0000000000DB6000-memory.dmp	upx
behavioral1/memory/356-500-0x00000000009E0000-0x0000000000DB6000-memory.dmp	upx
behavioral1/memory/356-553-0x00000000009E0000-0x0000000000DB6000-memory.dmp	upx
behavioral1/memory/356-557-0x00000000009E0000-0x0000000000DB6000-memory.dmp	upx
behavioral1/memory/356-561-0x00000000009E0000-0x0000000000DB6000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	14e8b90294cbcbc81562106b694e3cd0.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	14e8b90294cbcbc81562106b694e3cd0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	14e8b90294cbcbc81562106b694e3cd0.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
356	14e8b90294cbcbc81562106b694e3cd0.exe
356	14e8b90294cbcbc81562106b694e3cd0.exe
356	14e8b90294cbcbc81562106b694e3cd0.exe
356	14e8b90294cbcbc81562106b694e3cd0.exe
356	14e8b90294cbcbc81562106b694e3cd0.exe
356	14e8b90294cbcbc81562106b694e3cd0.exe

C:\Users\Admin\AppData\Local\Temp\14e8b90294cbcbc81562106b694e3cd0.exe
"C:\Users\Admin\AppData\Local\Temp\14e8b90294cbcbc81562106b694e3cd0.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ZalmanInstaller_VideoDownloader\AddLyricsSA.html

Filesize
5KB

MD5
6989421ab3681bb53060a47308c2cf68

SHA1
e149fcd5cada11b4e54261ba578a9e4fbb47d1fd

SHA256
5e599d12630eda54c554000dbd1180d19d2008cf6beef8dfc4610528af080ee1

SHA512
4b9c866905aa2bdf3b2a827ed1b6fddcc28c9b2de512a33457091c76927835b40fbbb92d2d91a4206360a461a08bbd3f872d9c6ceca9a4e4ca2bd45b0f47951a

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\PCOptimizer.html

Filesize
6KB

MD5
893a1eeb78248971a106d8af7d5f91ad

SHA1
a1a81d55fd9fadb80395643f5ecc237c11eb0255

SHA256
d34c51c61a07cbfd059b094217fcd1081bc681fe0f6aca1ab4975120f1ee85d8

SHA512
511d3bd6b36c43e77a4492eba5421f0feac82c45f4caaac3b2b35ff263459573080b73108cd45789a698a891a6d4d35a8a61436a90f3b7f2b25b91075132936a

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\cnd_express2.html

Filesize
10KB

MD5
db40cfc959d491877f0dc0b3e59d7e60

SHA1
b7d4462c8a7dc08792441c071fbdba4bdf4c297c

SHA256
539d4bc22ddcc74dc851283ee4afafe3d32cb7b0d808d779e5535c2fe10bc54e

SHA512
d2a2c8c018c8b04a60d07def723f9821d44f63d41b38e38460a9470f646035b9c73e30f37cf8acd11d187adbc35fbee46921ea0ea1e479a6ddcd3de5028b2fde

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\cnd_express3searchprotect_searchcnd.html

Filesize
7KB

MD5
1a095bc08a7f234f1a024608d57045b8

SHA1
1699ea0a47e3fbf35c5d062c7f640fa968ff1d65

SHA256
43cca565b8c4183cc437e79a6bd6a6e723375b0a0c684a5e156815fdb4128dc6

SHA512
86cd4189e5a6439bfbb5a3fea937528735f8fb29890836d27921536840240838989473d7221103bad4f965ef48242dfc0a2677d08a7b873b5239851cbf1b007c

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\dale.html

Filesize
9KB

MD5
d1f1efcea6d9a386a131294c7c9791eb

SHA1
182c3c3d2faacdc0b29125e40bb142d0ea7e0e28

SHA256
ce52eb0ec9f8986ff866cfa4eaee1aaf8f88536492f7752d0521ef365a8309cb

SHA512
d18125a50525899b715f24aec543cf2ca8847e0860ea7e8bd7933762b022d9e2f53f7ee97632dacaa3775e442adff15030371c7e9dda2d5e43cf955ed6fba671

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\images\close-button.png

Filesize
931B

MD5
3ba68bdba748cd94facfec96a0e7192b

SHA1
f28aa8a32f790a203bb4be4de37b5df9c8753b58

SHA256
5d7a83f0a198dbd074df50d5692ea7412cee2ea61be49239e16be0ba43e5ab63

SHA512
086724d0c7ed722c86d93abd02f6aeda2101acf89cd6879583cd782accaca9dd8ebef8493346b3644bb361328b4e26a013f72ad64a2000aebec98c3674cb0bcd

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\images\next-btn.png

Filesize
5KB

MD5
52ebffdbb01ab7d101f434955e5f9957

SHA1
f2b7604735b0303512d3046d115ae8bb95bcc6bf

SHA256
dabc5228f0da0c068e0d4f944bd027374c7e5eeb93be229d542d0cc71aeec524

SHA512
b06540b51b6c43c5764803fdb30c1db65930c74bcffc85a72fcba409ca3aca15f3ac5ed6013d845746d7af9ff7c3504977a1e6f4a52372cf8d590e2cc5252f6e

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\images\pc-power-speed.png

Filesize
8KB

MD5
b23d9a1e3a7da0a756f4a7ed53acccf2

SHA1
cfc45310385dbbfdf3042536d8cdbed1cd9576e6

SHA256
01f2d17e70a972f3ab25d13f901f8be56cb886e953ee0072d932e9f6a8ce5d4d

SHA512
bb248e031de23496ebb1b5b2e73b0103b202d2afc455aba663809c2ea151a43491bf3e322dd1d46773885718344605d27028740d32b9a7e12eb36d55665cbf97

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\initialize.html

Filesize
3KB

MD5
5a2324a4b55507a479575cee3a3c4af3

SHA1
fa663ee861a65d8d1ab016134a03fc16882e5bcc

SHA256
81e53dd49e7dfb568e6784bfbc0ece40f694d35ff4f80e4dd958bd0f2066d73a

SHA512
397c833c2d7631955f902b0ca1b35728fcce69a45a56bb33a85db998fe2871c2642570c457e8def59fb269d65f819c45f4fd85d5569df75e08a431effbe3436c

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\js\jquery-1.6.2.min.js

Filesize
89KB

MD5
a1a8cb16a060f6280a767187fd22e037

SHA1
7622c9ac2335be6dcd3ab8b47132e94089cef931

SHA256
d16d07a0353405fcec95f7efc50a2621bc7425f9a5e8895078396fb0dc460c4f

SHA512
252476e9f94a6db579e14cdf1197555e856e6b80dbcd78c46b9345ce6605a1cd69da0dab2a4c475b51d2103404d2c61acd18490e005d625eca06afe4d75c8a6c

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\js\jquery.easing.1.3.js

Filesize
7KB

MD5
6516449ed5089677ed3d7e2f11fc8942

SHA1
82e40d060bc269a6dde20c3990ca5a4fea6ca754

SHA256
0757f7ff6e5f6a581922a5e2d42c5e0cf7475d880885a9802e8bdd5e4188dd34

SHA512
6ebae34e9f46e8c90a5f94235f0c00424b1c7c5a4a8b7a248f267f337bc6c3083da88d66b28cfbcfe11b4012d7b139d52b73ce8d80461dc42f5f7e0614aaffec

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\js\jquery.js

Filesize
54KB

MD5
85b7cbe520e2449c84b04769bce1b45a

SHA1
20860bad9c83c3890be57052f009b9d97848c9ec

SHA256
dba3ed2e85be82c9109419d15f948eaf3832fffce09376d8665e29105c28e9c6

SHA512
a888525b2dc25b1a87c47431c84de961cf200d413dcefea71cc156d24eec6d83ca054bbfccb1574f28708fb6698914e29a3c31e30625dc2ec3c688688f4bc232

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\js\script.js

Filesize
2KB

MD5
2769811b98ab192654e110ca26fe89a2

SHA1
93621f4eb50500f506849ba904a17001f22f2589

SHA256
aa5cc1200703e11dc4ad47ba69b7cf5c396c9f2462bad69034c2c5eac2181155

SHA512
6be3e03017d8ada638e284e6c21ba470152925162d8ae6695fe5fcd147523d2d8aea66c8fa4e148678673fe992a5a080e596a1ee776f9fa57f4801a687848d2e

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\linkury_express4.html

Filesize
8KB

MD5
8d7d952c1f98667542accde885be35fe

SHA1
a9c1e4eb3fbe09756c22082ca4ff0a85f3c62148

SHA256
0fcffdb970421589647c3e528cb0a7732bfac3c97d273301c1adacdeade16a2e

SHA512
84795694efb3ae8d3465cea6ce23dddfbf99d8d087a3da87e0a862853d0b154f00f5200fcda9b26c4dde3ec02774d72d69559e577dc17c8da7e5df2f4ce0d157

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\paththreeDE.html

Filesize
5KB

MD5
0127619adf9e3c0cbf2d3e4ec6bae2f9

SHA1
c6e0a160d3e14a7d652c620861b5a6a05200fe22

SHA256
fca533ab30eeaf68b07c8abc82b292d1d8d6ae39337b961b5c20233f0e3d45a0

SHA512
def41b1d379efa102c78ac5b829747a58324298d75a6ea050506ad29de6cd09f665668639a8cd93e4ffb4193ba39d10939f46494dfab244f8fdeb0052713e0de

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\photozoom.html

Filesize
5KB

MD5
241fcc27d9f4f070fed57bfa08dc65e6

SHA1
e05b7dd95ee999cf6fd3f8a598e194dd088f470a

SHA256
314928f603c4a40fe7c3a1a257857bc2d3c4ab7777e9b0e539f29bd8c9b366c4

SHA512
924a633f3afa9f547ff3a0df17948b59a87702b24c078362bb9ba0ff49b7eb345cdcc8b2c9969cf5910a6ac29dd9f488462f6b02d1b9c37e302ebf6174d89965

Download Submit
C:\ProgramData\ZalmanInstaller_VideoDownloader\style.css

Filesize
9KB

MD5
6398b09012def66179d0c31eae2b9eae

SHA1
c07e742a406e1e343af45f8a04c5d45b00a1653d

SHA256
186b0182042989245cfd55c717e412bc6bbddccee7208de84aab4749e7dc688a

SHA512
3fc02c415cbd16bf04bb5857214c018d3b1659ba2c43d6264bf1bdf669feab94c633b28edcaa9251ceb98e2e6de3928cd73d3b3650714e80bbf255c255674829

Download Submit
memory/356-502-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-504-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-503-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-0-0x00000000009E0000-0x0000000000DB6000-memory.dmp

Filesize
3.8MB

Download
memory/356-500-0x00000000009E0000-0x0000000000DB6000-memory.dmp

Filesize
3.8MB

Download
memory/356-2-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-3-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-1-0x0000000000DC0000-0x0000000001196000-memory.dmp

Filesize
3.8MB

Download
memory/356-553-0x00000000009E0000-0x0000000000DB6000-memory.dmp

Filesize
3.8MB

Download
memory/356-557-0x00000000009E0000-0x0000000000DB6000-memory.dmp

Filesize
3.8MB

Download
memory/356-561-0x00000000009E0000-0x0000000000DB6000-memory.dmp

Filesize
3.8MB

Download