b7cc55fd7f8a2f628ce5aa5d9df8e6252bb33d321e80669f43de4a51c7b51fc0

Analysis

max time kernel
16s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

123924d685dabccf6e5fb2513a51df6b.exe
Size

1.8MB
MD5

123924d685dabccf6e5fb2513a51df6b
SHA1

53cc385c9af66ebc6c1c9fb4be61378c849a88ad
SHA256

b7cc55fd7f8a2f628ce5aa5d9df8e6252bb33d321e80669f43de4a51c7b51fc0
SHA512

6b7a046d09f1f11620f16e4db16f566f247dcdf5465eb08aa9c0dd221c0182481e8f74a2280809a1837daf8bd0eecac4e748ea928c0d71c8c1a7fd9f27e985cf
SSDEEP

49152:EgEZyN6/pMm1Xcd+gjxu29nx2nNRIxedlyL:uZId4NRNS

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2360	explore.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000900000001225b-8.dat	upx
behavioral1/memory/2360-10-0x0000000000400000-0x0000000000DEA000-memory.dmp	upx
behavioral1/files/0x000900000001225b-6.dat	upx
behavioral1/memory/2360-15-0x0000000000400000-0x0000000000DEA000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\explore.exe	123924d685dabccf6e5fb2513a51df6b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TypedURLs	explore.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1944	123924d685dabccf6e5fb2513a51df6b.exe
2360	explore.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2360	1944	123924d685dabccf6e5fb2513a51df6b.exe	28
PID 1944 wrote to memory of 2360	1944	123924d685dabccf6e5fb2513a51df6b.exe	28
PID 1944 wrote to memory of 2360	1944	123924d685dabccf6e5fb2513a51df6b.exe	28
PID 1944 wrote to memory of 2360	1944	123924d685dabccf6e5fb2513a51df6b.exe	28

C:\Users\Admin\AppData\Local\Temp\123924d685dabccf6e5fb2513a51df6b.exe
"C:\Users\Admin\AppData\Local\Temp\123924d685dabccf6e5fb2513a51df6b.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\explore.exe
  "C:\Windows\explore.exe"
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\explore.exe

Filesize
14KB

MD5
bc02cc18bdc08055e862d35ded16b8a1

SHA1
1baa08acdb857fbf97f272ab050e4b782c0757e8

SHA256
921586cd87d2df26569eddda6903a1116f6495f601529d905a11726dfb1484d0

SHA512
aea402dfd117b5dd89dfe113a3a39a5b465a84353c7f55e32a77c728938a4822ab214f7df06e40921c9e9402e9ce11f21d24e4d7a03ba2700dc24f46dab9f65c

Download Submit
C:\Windows\explore.exe

Filesize
4KB

MD5
783891df0e4512004eb807e5a86f8ac9

SHA1
20d9cfaa5653c82b104312bb070d31524cbeb760

SHA256
7c848aa401744fa436b0430204c9c796f1c4efc0bc55c2fb89a19df94c2cb272

SHA512
54207af217883bcd33174c5b6be76dd4410aa03744fa8cd1db658529e3cdeb0e9b2f57bc03369fff5ee130fe8aa528bb50cec7dbfc0fd47744b26ec4c75a64e6

Download Submit
memory/1944-9-0x00000000040B0000-0x0000000004A9A000-memory.dmp

Filesize
9.9MB

Download
memory/2360-10-0x0000000000400000-0x0000000000DEA000-memory.dmp

Filesize
9.9MB

Download
memory/2360-11-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2360-14-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download
memory/2360-15-0x0000000000400000-0x0000000000DEA000-memory.dmp

Filesize
9.9MB

Download
memory/2360-17-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2360-18-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download