e2ea8236d3a5103f2aed0eaece414dab5bddc5a2dae731884de691d591e1f1c5

Analysis

max time kernel
141s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

299b21f1fd0ef6e0c848deb767570f83.exe
Size

630KB
MD5

299b21f1fd0ef6e0c848deb767570f83
SHA1

56fe6100e6997bef444035ab30c090c4107651b5
SHA256

e2ea8236d3a5103f2aed0eaece414dab5bddc5a2dae731884de691d591e1f1c5
SHA512

e456df0ef1cac0fd3dcfa4012849a0bae2b87def8a36dbd22e40f7aa3280f284fd8b4601b1425f70eab126db20c3f286c5b6a70ed4980a3b335e35e7c1d00734
SSDEEP

12288:A0NPeIMi3W9dvlYrbEkFK6lGVN6foCt3RtgXOK33sUP8FvTspNIge2x7RAUHf9HT:lFMim/var4kFTlG76fttBt4l33IFvTqx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2276-0-0x0000000000400000-0x0000000000596000-memory.dmp	upx
behavioral1/memory/2276-81-0x0000000000400000-0x0000000000596000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	299b21f1fd0ef6e0c848deb767570f83.exe
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	299b21f1fd0ef6e0c848deb767570f83.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	299b21f1fd0ef6e0c848deb767570f83.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2276	299b21f1fd0ef6e0c848deb767570f83.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2276	299b21f1fd0ef6e0c848deb767570f83.exe
2276	299b21f1fd0ef6e0c848deb767570f83.exe

C:\Users\Admin\AppData\Local\Temp\299b21f1fd0ef6e0c848deb767570f83.exe
"C:\Users\Admin\AppData\Local\Temp\299b21f1fd0ef6e0c848deb767570f83.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
11KB

MD5
c070b3e2be54951e620aee1a16048a03

SHA1
859a70bce816b4faafefda2dedeeb015dc2ef4a7

SHA256
c8dc7905594d6c69ee8a101cca21c5dea0bb88848c3a646d82f19fd3dec49873

SHA512
dcca2dee49a7baa8872941bb535330fa5b7a87cf547925a1dc070827958990b217051573349cd6d975adb95ce54eea3f1dec86ada4cc7bf9009efc4edc8fe4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
202KB

MD5
a4fdd77e182bd2fabe300a47b5617a35

SHA1
e002b335c75b5edefcd251962f61f53a2ab8e0f2

SHA256
8b59592d67eadc703af6cdd5ba8d077f9f9485d01fb6405555614335f89be99b

SHA512
ddcccde1c129f8f71fb39685abc615c4202b8b3dfc12cedd7d9cca2f97b308fc14b64497826421fa9df3d1cf54bdae9c085051af0a8d393cd3d556a6578d4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
memory/2276-0-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2276-1-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2276-59-0x0000000004DE0000-0x0000000004E00000-memory.dmp

Filesize
128KB

Download
memory/2276-81-0x0000000000400000-0x0000000000596000-memory.dmp

Filesize
1.6MB

Download
memory/2276-83-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2276-84-0x0000000004DE0000-0x0000000004E00000-memory.dmp

Filesize
128KB

Download