2f26774fc145b9aa2a846c77fb7af12119958fea5789984d59da92708965c3b6

General

Target

4b76ad3362d42550d71719c768f004ce.exe
Size

544KB
MD5

4b76ad3362d42550d71719c768f004ce
SHA1

8348e380e48db0901cf596e7799a3a34bac3ed2f
SHA256

2f26774fc145b9aa2a846c77fb7af12119958fea5789984d59da92708965c3b6
SHA512

7f5a8195b13f050cd03c43a5833ac716042bad658c3f56bda9407508086f973a9ba4d4287653bf83e135df8dabdc1f8978f51a7fd08b6ef4af01f26fce75bf56
SSDEEP

12288:VNsLtlk5eiEXgiplsvu6nitvwFV+HbmK2CuMit8IxynWm4:OlKjK25nixKibIRv64

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2928	4b76ad3362d42550d71719c768f004ce.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-1-0x0000000000400000-0x0000000000518000-memory.dmp	upx
behavioral1/memory/2928-2-0x0000000000400000-0x0000000000518000-memory.dmp	upx
behavioral1/files/0x0007000000015cf2-110.dat	upx
behavioral1/memory/2928-141-0x0000000000400000-0x0000000000518000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	4b76ad3362d42550d71719c768f004ce.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2928	4b76ad3362d42550d71719c768f004ce.exe
2928	4b76ad3362d42550d71719c768f004ce.exe

C:\Users\Admin\AppData\Local\Temp\4b76ad3362d42550d71719c768f004ce.exe
"C:\Users\Admin\AppData\Local\Temp\4b76ad3362d42550d71719c768f004ce.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259393283\bootstrap_18566.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\css\main.css

Filesize
4KB

MD5
ceec7ef9d2b2161421b843782577ba15

SHA1
5047d0eafd3d0501a558d8e519b6543ccc04b8b2

SHA256
aa312ebaf436cb8a041a42c446e2b1509b97337a0968a2d7fee22444b02bb906

SHA512
342abbb19274ca479cda9c8976f14fcf639d2ae09ee14d17593f5cc4089db38b4f797e636f941ef0cbe6ca0312fb69d2e074e4550d4120dfbdd8f767b8d566d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\images\BG.jpg

Filesize
35KB

MD5
dcf8583e3cbc79d7cbe4124b8239edf6

SHA1
02ab666f2d383f7576a102e187e170ee90042d09

SHA256
2f1051de724651d5f7c80285172d7ba06c57aee132a8b77b3831a7e4a5b9986c

SHA512
6fc46e763acdb9a783ac9dac03c9a3994484b3b5268e385da902d95b4841d6371721553291b5b5a00fc011b711781247a9a949606b38d9f0ace512e5d502c904

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\images\Close.png

Filesize
961B

MD5
13e974317abaf08aa7aad7dc164d8ac0

SHA1
9b77f078f4221312d17baa00fbaedabbbb76cd55

SHA256
9bdc0a4226491ffc64c7f23c384d04ca2403952519bf44478ea01184b4eeca8b

SHA512
32d092d04a381328fcbe6ce89f4e21a8134c380417a36905de76eb6e48115c519a89026f82aa55eb6d334c7bef2232d083700a2f73f92cb5e6c0d8a648cc2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\images\Games_Pics.jpg

Filesize
12KB

MD5
7208763bb45e5cd23305c00aacbc1981

SHA1
e575eccd6664e40f1a012d446a5046c4eb471729

SHA256
bdf98681a3e74856a14d5d0857ed434afaa82afacaab9d0ca87f863ae8b2a585

SHA512
153399a452b14b2aafef3cb43748d62f60bd2d1865860d819308ca35dd6b84e8ee54f3bf7b7053144d04fc3ab5efb8a2c61ae4885f9b7152025a6e405d740a6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259393283\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
\Users\Admin\AppData\Local\Temp\ICReinstall_4b76ad3362d42550d71719c768f004ce.exe

Filesize
544KB

MD5
4b76ad3362d42550d71719c768f004ce

SHA1
8348e380e48db0901cf596e7799a3a34bac3ed2f

SHA256
2f26774fc145b9aa2a846c77fb7af12119958fea5789984d59da92708965c3b6

SHA512
7f5a8195b13f050cd03c43a5833ac716042bad658c3f56bda9407508086f973a9ba4d4287653bf83e135df8dabdc1f8978f51a7fd08b6ef4af01f26fce75bf56

Download Submit
memory/2928-2-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2928-54-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2928-114-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download
memory/2928-1-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2928-141-0x0000000000400000-0x0000000000518000-memory.dmp

Filesize
1.1MB

Download
memory/2928-143-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2928-144-0x0000000002040000-0x0000000002050000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing