2034ab8f023e6ceb17f647793b81388336561729d4769139a59c8241a7639eaa

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e7e8c9e92548d8688115e1900470b3.exe
Size

366KB
MD5

22e7e8c9e92548d8688115e1900470b3
SHA1

cf7054bcded31ad2e4028554ede4d26852234c09
SHA256

2034ab8f023e6ceb17f647793b81388336561729d4769139a59c8241a7639eaa
SHA512

2e35c49cedcc1a1284612140e349f8a80f9e6d3226dda81e32a64f05b8a414cffd68989446129584fde349f9e0a5dfb314577f52ab4cdbae3b0c0e00034f27fa
SSDEEP

6144:s1dCFHNTlimVL8t9xPLMarcYAJv0NMiYtwJrtO:saFHVzVyYar760Kmr0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2136-0-0x0000000000A00000-0x0000000000AE7000-memory.dmp	upx
behavioral1/memory/2136-2-0x0000000000A00000-0x0000000000AE7000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	22e7e8c9e92548d8688115e1900470b3.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	22e7e8c9e92548d8688115e1900470b3.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	22e7e8c9e92548d8688115e1900470b3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\22e7e8c9e92548d8688115e1900470b3.exe = "0"	22e7e8c9e92548d8688115e1900470b3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2136	22e7e8c9e92548d8688115e1900470b3.exe
2136	22e7e8c9e92548d8688115e1900470b3.exe

C:\Users\Admin\AppData\Local\Temp\22e7e8c9e92548d8688115e1900470b3.exe
"C:\Users\Admin\AppData\Local\Temp\22e7e8c9e92548d8688115e1900470b3.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2136-0-0x0000000000A00000-0x0000000000AE7000-memory.dmp

Filesize
924KB

Download
memory/2136-2-0x0000000000A00000-0x0000000000AE7000-memory.dmp

Filesize
924KB

Download