24808c8c5026c79ca0dfa979a0b1591d4df20cc67f95b251ae291e90baf6e42d

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cb4820cf4cdf6da34612b949b979c95.exe
Size

281KB
MD5

7cb4820cf4cdf6da34612b949b979c95
SHA1

df99f0410946fe99dab3004a8d41c8851f0232e8
SHA256

24808c8c5026c79ca0dfa979a0b1591d4df20cc67f95b251ae291e90baf6e42d
SHA512

5897b8601c8f80cf150425524d2f9fbf890acb28a0349ea92f245fbda4ff34fdb318893153a3c520ba727bf6ce2dec5999b16df002e2f5147816fdb3f4f154f0
SSDEEP

3072:R9ZNYpBPXgXPeeUaVfY9BI51P/DI9wabtli5JN2:RpGPXgXPemY9BI5BPaW9

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
224	msa.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3164-1-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-10-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/3164-12004-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-17895-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/3164-27414-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-40473-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-53183-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-64868-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-89645-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-117523-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130415-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130416-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130417-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130418-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130419-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130420-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130421-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130422-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral2/memory/224-130423-0x0000000000400000-0x0000000000469000-memory.dmp	upx

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\msa.exe	7cb4820cf4cdf6da34612b949b979c95.exe
File opened for modification	C:\Windows\msa.exe	7cb4820cf4cdf6da34612b949b979c95.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	msa.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	msa.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	7cb4820cf4cdf6da34612b949b979c95.exe
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	7cb4820cf4cdf6da34612b949b979c95.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Internet Explorer\International	msa.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3164	7cb4820cf4cdf6da34612b949b979c95.exe
3164	7cb4820cf4cdf6da34612b949b979c95.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe
224	msa.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
224	msa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3164 wrote to memory of 224	3164	7cb4820cf4cdf6da34612b949b979c95.exe	74
PID 3164 wrote to memory of 224	3164	7cb4820cf4cdf6da34612b949b979c95.exe	74
PID 3164 wrote to memory of 224	3164	7cb4820cf4cdf6da34612b949b979c95.exe	74

C:\Users\Admin\AppData\Local\Temp\7cb4820cf4cdf6da34612b949b979c95.exe
"C:\Users\Admin\AppData\Local\Temp\7cb4820cf4cdf6da34612b949b979c95.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Windows\msa.exe
  C:\Windows\msa.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

Filesize
362B

MD5
628667d59e2d235cdc9b190c14cff475

SHA1
35c8d4d19dcd7feef43e8a89c9fb80c7b9e114b5

SHA256
db7150687553e3cdc32e1127df0790ff0a8d94a179671e0c95180ac04f46100b

SHA512
d56d9397517f26f268ec4c079c5f1059b1e206fa4cb239ab4dfc2e1517a56a3122d7068d718a9fd8410cd2b84018adfda130008c4edb2ad28e3baeab3adbd8e7

Download Submit
C:\Windows\msa.exe

Filesize
204KB

MD5
06617439a09be3a6851127fa3642c943

SHA1
bf022db97c4154759e230093b691816614e1cb6c

SHA256
61b703d20a2753cb39e0e015b1288c47d9a1663d8bd445664d1408f6f87392a9

SHA512
9a998b14dd1dc15882841231ba206f2f430bd59ec998e1a2a862c547e8c36cc17fcebfdd7066c4d7b2e1178e7721beb836f9e5da5288eacb7a93778421e15dcf

Download Submit
C:\Windows\msa.exe

Filesize
73KB

MD5
76962d9fdbc092a614a39b0b320332d8

SHA1
ce39a0d008357c69790686136dbf2ff92ecde35b

SHA256
1a92446eb586c82d5a0fde67a2532ec24ae06a022fbcce2db9d9127ffabda5e8

SHA512
63d5032e74858f5eccc184667f99978aa283692a38e7d51eae18eb387255210fe4f03ba1e68437d1a4a26e92f60fbc405b4b54ea177fb72da490b65de4e9a311

Download Submit
memory/224-64868-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130419-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-8-0x00000000004F0000-0x00000000004F3000-memory.dmp

Filesize
12KB

Download
memory/224-130423-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130422-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-17895-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130421-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-40473-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-53183-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130420-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-89645-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-117523-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130415-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130416-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130417-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-130418-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/224-10-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3164-0-0x0000000000600000-0x0000000000603000-memory.dmp

Filesize
12KB

Download
memory/3164-27414-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3164-12004-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3164-1-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download