19d25a06ce26221835a1218f02019c79d0d861e0dd356d6b6984e40c8feaf04d

Analysis

max time kernel
173s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0034f534a9069e5013e4dab037a7ba62.exe
Size

29KB
MD5

0034f534a9069e5013e4dab037a7ba62
SHA1

3947073dd1298a7a79f439ba66322707f2b15adc
SHA256

19d25a06ce26221835a1218f02019c79d0d861e0dd356d6b6984e40c8feaf04d
SHA512

d5b1b1241c2035bb8734631b5067c0573fc4b22cb920c270dab393433920d49104cfa51a899828c23b9059469558fecab867daff06a695c3933fb79d97661244
SSDEEP

768:Pp+TFQT2nJnqvEAChzAZw/8y/UnBaWwhwjxSJ6t:PgTFI2nlqvoZ6n4vw

Score

8^/10

adware persistence stealer upx

Malware Config

Signatures

Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1547.001

Modify Registry
T1112

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4980-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4980-1-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4980-4-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4980-6-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	0034f534a9069e5013e4dab037a7ba62.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	0034f534a9069e5013e4dab037a7ba62.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\smseckec.dll	0034f534a9069e5013e4dab037a7ba62.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar	0034f534a9069e5013e4dab037a7ba62.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 3136	4980	0034f534a9069e5013e4dab037a7ba62.exe	96
PID 4980 wrote to memory of 3136	4980	0034f534a9069e5013e4dab037a7ba62.exe	96
PID 4980 wrote to memory of 3136	4980	0034f534a9069e5013e4dab037a7ba62.exe	96

C:\Users\Admin\AppData\Local\Temp\0034f534a9069e5013e4dab037a7ba62.exe
"C:\Users\Admin\AppData\Local\Temp\0034f534a9069e5013e4dab037a7ba62.exe"
1⤵
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c preved.bat
  2⤵
  PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\preved.bat

Filesize
215B

MD5
faf9a5e687ac0278519c742f7c6405d2

SHA1
a0d70c8af2e130a2eac2691b193a3e106a000305

SHA256
cfd98f8e2e5bc6255a8d01cd0fa34439bc63bd1e271d5404d454c4ef8a4ce581

SHA512
1e0dbcc842e1b337fab41e52bab257e373b34e3094fff13c773f8728f4a01e5cd334296a89be3226101a282564a55476a080957aa89af4505b9f21dcfb671f8a

Download Submit
memory/4980-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4980-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4980-4-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4980-6-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads