5bd9efb0e25f04675e29f5628d23f3fd94ba3fb3920c1bc3a65ab99a26c6003e

Analysis

max time kernel
141s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 00:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

219ca6e613725f53de9b10c78f678bbd.exe
Size

521KB
MD5

219ca6e613725f53de9b10c78f678bbd
SHA1

33f5d08c5612a137dbde3387ae623d6075f5a0fb
SHA256

5bd9efb0e25f04675e29f5628d23f3fd94ba3fb3920c1bc3a65ab99a26c6003e
SHA512

cd953146050dae349ee6b0bd451e51ddd465e9ebeab1861a195e017f6f2d5853bccd54431b8c31422699d03897ae554c434580218f9b64892378747fdfb63122
SSDEEP

12288:yUjvK/Y9bVy6eL1TptQydOdEnQdFg45pdnXvLf0vHUkl4nirzYvVj:1rVReLrOdEmC2970v0kl4ngON

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1732	219ca6e613725f53de9b10c78f678bbd.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1732-0-0x0000000000400000-0x0000000000512000-memory.dmp	upx
behavioral1/memory/1732-1-0x0000000000400000-0x0000000000512000-memory.dmp	upx
behavioral1/memory/1732-2-0x0000000000400000-0x0000000000512000-memory.dmp	upx
behavioral1/memory/1732-141-0x0000000000400000-0x0000000000512000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	219ca6e613725f53de9b10c78f678bbd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1732	219ca6e613725f53de9b10c78f678bbd.exe
1732	219ca6e613725f53de9b10c78f678bbd.exe

C:\Users\Admin\AppData\Local\Temp\219ca6e613725f53de9b10c78f678bbd.exe
"C:\Users\Admin\AppData\Local\Temp\219ca6e613725f53de9b10c78f678bbd.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish259390412\bootstrap_44232.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\css\main.css

Filesize
3KB

MD5
9d2cd10aec391ba3dfd72b0fbb63242f

SHA1
e2a6329fcf09fb394277cd3a0a27383cfa545e90

SHA256
1ac37feedc0f9d50d13b25d5d0a55cd607bb5bdaa0418f429dd4daefe527d14e

SHA512
af663b88010b2eeda3a413118b63d0e4662bda9e5ec238bd927297498e7192ac75e90718650ac7543cf58656130484b5fe122d2cecd2bb51c10d09824d461858

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\BG.png

Filesize
11KB

MD5
dd2a1a4bae8974f5f0c490b955172710

SHA1
5b3e633497febc1c7dc452dc327bb86be1ff75c2

SHA256
6fd272525f25274225d46fbaa8ef3bae86265b092ef7166ea31d592c26d06027

SHA512
6b9fcfb36621167caf3d5b6926ff261bb1e3cdb39c0b02bab0373cfbcfdea342c932d2d5e673912ce1b1ef931d38d265554ba1962792e17756282b83316d4450

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\Close.png

Filesize
961B

MD5
13e974317abaf08aa7aad7dc164d8ac0

SHA1
9b77f078f4221312d17baa00fbaedabbbb76cd55

SHA256
9bdc0a4226491ffc64c7f23c384d04ca2403952519bf44478ea01184b4eeca8b

SHA512
32d092d04a381328fcbe6ce89f4e21a8134c380417a36905de76eb6e48115c519a89026f82aa55eb6d334c7bef2232d083700a2f73f92cb5e6c0d8a648cc2951

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\Color_Button.png

Filesize
1KB

MD5
f248c843c57f4c6d1dcfb03385f7d212

SHA1
f416a4509e0831edbff16140961198073fec397e

SHA256
d5d069f49da22f9f15c3ae14abdefb6303e712489c8c50e097fe4b5c8e17ff24

SHA512
88cf82f1ac196112959773f2c5f715ed48eaf2a184b90b9793cad2d27bb0022632885dfd54149ec9b62bdf8e3dcf1aba2f161d3f8b3f37e3835c57c431e71643

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\Games_Pics.jpg

Filesize
12KB

MD5
3d508e41c8e160e70b4f2e1a9a66b1bc

SHA1
900e64092e3849cf54bf61957e78d4d78faf612f

SHA256
1ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82

SHA512
40b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\Gray_Button.png

Filesize
1KB

MD5
35800b05c4334c3a5cddf4260ac9d4b9

SHA1
54affc5d79378b688b64171c03434abe83b5c6c6

SHA256
d36de61d654cccf61b8767923efaecfea8b79e013aa0d0d1b832d23b9ab811ea

SHA512
76eeb5bb528949fcc5baa327463459d99991823c2ab5aa82366c797d74ac0db9b5bb5b8d5a55ee73990e0c1b0c3074f9ad09ccbf4ac19ec4737dd97d8687ba7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\Progress.png

Filesize
461B

MD5
39d7639ef1e1db7099179cebecda726c

SHA1
3b65fe5142fed1478bd65cacc5bec45570b4b3a5

SHA256
a33d18689c5cd3661a9723b17f0d6f33672c1aed2429998b8d39bc4b7b19abea

SHA512
a8f7d08cb7c4a933075740f4db356e208b6c3eb2baa4c597d7739d0f302abea4fc3a8180181b66828c363407f8dbbc2ba7b6d68791e383f7dc3cd0e02353cf96

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\ProgressBar.png

Filesize
477B

MD5
830234f26fce01833c8f74f1829d7717

SHA1
38207d8cbf96b4e1a7d6182b7da4b25c31e538dc

SHA256
fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2

SHA512
f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish259390412\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
memory/1732-0-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1732-112-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/1732-3-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1732-2-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1732-1-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1732-141-0x0000000000400000-0x0000000000512000-memory.dmp

Filesize
1.1MB

Download
memory/1732-143-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1732-144-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download