617a5e8c63c909f2f0729d8f295d05289388843c972b01e848227aaeafb0bf1f

Analysis

max time kernel
155s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

394f32ae0525f0e2f7707ef96b749e9a.exe
Size

533KB
MD5

394f32ae0525f0e2f7707ef96b749e9a
SHA1

db27204c37b6f96ce52634dddb0827048adf0dc0
SHA256

617a5e8c63c909f2f0729d8f295d05289388843c972b01e848227aaeafb0bf1f
SHA512

31071be6f09bd58006ee15a65ceb71983959ab2eeb049f4aaaf697c5190c6bfc6b4ee727c3d02dd6214f5a3ebb20e88d94a3b67f28f931c46578fcfbf83ff2e4
SSDEEP

12288:1MQCIn8z0aZKVNtSUnI+152EsGEuQKaY2:UZKVHSUjiGRQKaF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1920-0-0x0000000000400000-0x0000000000516000-memory.dmp	upx
behavioral2/memory/1920-2-0x0000000000400000-0x0000000000516000-memory.dmp	upx
behavioral2/memory/1920-1-0x0000000000400000-0x0000000000516000-memory.dmp	upx
behavioral2/memory/1920-132-0x0000000000400000-0x0000000000516000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1920	394f32ae0525f0e2f7707ef96b749e9a.exe
1920	394f32ae0525f0e2f7707ef96b749e9a.exe

C:\Users\Admin\AppData\Local\Temp\394f32ae0525f0e2f7707ef96b749e9a.exe
"C:\Users\Admin\AppData\Local\Temp\394f32ae0525f0e2f7707ef96b749e9a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240628578\bootstrap_3336.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\css\main.css

Filesize
3KB

MD5
2f7dee4fb13f88b95187133bfc182507

SHA1
990051b4f6ed8ba68b77d661d52c1a7a917071ad

SHA256
df389cd56ec3790775036c1da04b1b1d4afd8e14c21d255f17fe42c8f97663e7

SHA512
8343992a2a7277b57a3c1eab1ca1e8c188022c7f2c79f24f078399c5868fb4e32da42aabbd62ffba76efc3518f6ff16d3b74810bb7ebdc3bd48debd4515bf2bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\BG.png

Filesize
11KB

MD5
dd2a1a4bae8974f5f0c490b955172710

SHA1
5b3e633497febc1c7dc452dc327bb86be1ff75c2

SHA256
6fd272525f25274225d46fbaa8ef3bae86265b092ef7166ea31d592c26d06027

SHA512
6b9fcfb36621167caf3d5b6926ff261bb1e3cdb39c0b02bab0373cfbcfdea342c932d2d5e673912ce1b1ef931d38d265554ba1962792e17756282b83316d4450

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\Close.png

Filesize
961B

MD5
13e974317abaf08aa7aad7dc164d8ac0

SHA1
9b77f078f4221312d17baa00fbaedabbbb76cd55

SHA256
9bdc0a4226491ffc64c7f23c384d04ca2403952519bf44478ea01184b4eeca8b

SHA512
32d092d04a381328fcbe6ce89f4e21a8134c380417a36905de76eb6e48115c519a89026f82aa55eb6d334c7bef2232d083700a2f73f92cb5e6c0d8a648cc2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\Color_Button.png

Filesize
1KB

MD5
f248c843c57f4c6d1dcfb03385f7d212

SHA1
f416a4509e0831edbff16140961198073fec397e

SHA256
d5d069f49da22f9f15c3ae14abdefb6303e712489c8c50e097fe4b5c8e17ff24

SHA512
88cf82f1ac196112959773f2c5f715ed48eaf2a184b90b9793cad2d27bb0022632885dfd54149ec9b62bdf8e3dcf1aba2f161d3f8b3f37e3835c57c431e71643

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\Games_Pics.jpg

Filesize
12KB

MD5
3d508e41c8e160e70b4f2e1a9a66b1bc

SHA1
900e64092e3849cf54bf61957e78d4d78faf612f

SHA256
1ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82

SHA512
40b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\Gray_Button.png

Filesize
1KB

MD5
35800b05c4334c3a5cddf4260ac9d4b9

SHA1
54affc5d79378b688b64171c03434abe83b5c6c6

SHA256
d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea

SHA512
76eeb5bb528949fcc5baa327463459d99991823c2ab5aa82366c797d74ac0db9b5bb5b8d5a55ee73990e0c1b0c3074f9ad09ccbf4ac19ec4737dd97d8687ba7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\Progress.png

Filesize
461B

MD5
39d7639ef1e1db7099179cebecda726c

SHA1
3b65fe5142fed1478bd65cacc5bec45570b4b3a5

SHA256
a33d18689c5cd3661a9723b17f0d6f33672c1aed2429998b8d39bc4b7b19abea

SHA512
a8f7d08cb7c4a933075740f4db356e208b6c3eb2baa4c597d7739d0f302abea4fc3a8180181b66828c363407f8dbbc2ba7b6d68791e383f7dc3cd0e02353cf96

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\ProgressBar.png

Filesize
477B

MD5
830234f26fce01833c8f74f1829d7717

SHA1
38207d8cbf96b4e1a7d6182b7da4b25c31e538dc

SHA256
fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2

SHA512
f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240628578\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
memory/1920-3-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download
memory/1920-0-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/1920-1-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/1920-2-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/1920-132-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/1920-134-0x00000000006F0000-0x00000000006F1000-memory.dmp

Filesize
4KB

Download