ec56070cc654a833bc629a0485cfcb40cac87e47690df7ba32427d10002def47

General

Target

3f8479ca54e45caf2376c2819fdc5195.exe
Size

546KB
MD5

3f8479ca54e45caf2376c2819fdc5195
SHA1

7b06bcb1524944d0bf48c86146fb6f17eba354db
SHA256

ec56070cc654a833bc629a0485cfcb40cac87e47690df7ba32427d10002def47
SHA512

4769c3eaf2d2f44810fc3cc373b952d303d4116684c229db71472189fd1c2b124ab43e63ba75bd73cab10d20fe3073562d123e8fa063193670bc796df05c9534
SSDEEP

12288:LiHCHDt9L6qqHATPv78yrWtNmUkH6LzJkXPCQr4bsftMMF9W:Lvjt9LlkyrUNkaLzJkXPPr4bYtMMF8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4424-0-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-1-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-4-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-5-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-6-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-7-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-9-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-10-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-98-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-99-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/2148-102-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/2148-103-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-107-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/2148-109-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/2148-113-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-136-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-137-0x0000000000400000-0x000000000051A000-memory.dmp	upx
behavioral2/memory/4424-146-0x0000000000400000-0x000000000051A000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240801093.log	3f8479ca54e45caf2376c2819fdc5195.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4424	3f8479ca54e45caf2376c2819fdc5195.exe
4424	3f8479ca54e45caf2376c2819fdc5195.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 2148	4424	3f8479ca54e45caf2376c2819fdc5195.exe	97
PID 4424 wrote to memory of 2148	4424	3f8479ca54e45caf2376c2819fdc5195.exe	97
PID 4424 wrote to memory of 2148	4424	3f8479ca54e45caf2376c2819fdc5195.exe	97

C:\Users\Admin\AppData\Local\Temp\3f8479ca54e45caf2376c2819fdc5195.exe
"C:\Users\Admin\AppData\Local\Temp\3f8479ca54e45caf2376c2819fdc5195.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Users\Admin\AppData\Local\Temp\3f8479ca54e45caf2376c2819fdc5195.exe
  "C:\Users\Admin\AppData\Local\Temp\3f8479ca54e45caf2376c2819fdc5195.exe" /_ShowProgress
  2⤵
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240743343\bootstrap_16123.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\buttons.css

Filesize
1KB

MD5
f03b9fcc0266083e3230b560e77a9793

SHA1
c3110a2cc7c003c37b9cdb77f57dbd39bc7ae35b

SHA256
dc5536ce2007fbe3f9640900af3598378bd5072cdd221d7772bdf25e90961236

SHA512
6c6c8b924362d24ce7d238a166910b697638fcc4e798684c46191d405ae333a62d7036108aad0816018ca451ebca982a2a95b8795add51a9c3dabc7cf2280959

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\main.css

Filesize
3KB

MD5
a57feadde7e5a4d66d498841fe67f10b

SHA1
8f2d54747f7e34b16311e435448a32cf23e6abd1

SHA256
105b507c81b860c617312b3a0371db669a08210351a4d63f390b52b46abf0b40

SHA512
98caddc50e87d1ea43be9c1355c1f116872e341cd28392a6130d027b72db1fff7cde10b7124942bfe750198c3b39df14937ec2ea19a529ec7d06b964ac68c422

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\sdk-ui\browse.css

Filesize
318B

MD5
10c359bc980927bb66b215407ece3e66

SHA1
4a2fc034bf7b4e84d832b6bbd9413d2055b9ec62

SHA256
5b12769a75d1c755a284a73e1b8422f73d6223c23b72e5bce698c17f50185aa8

SHA512
ed707c6bbf5023aa147571d9d186e8348b11da6fb462de69e4135480f2e10081c416c80745411752797401660221e2040e624b5a6d3e1a57ba59cdcc009eb16c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\sdk-ui\button.css

Filesize
417B

MD5
37e1ff96e084ec201f0d95feef4d5e94

SHA1
4ec405f2668d5d93260525ad916abafa2414cb72

SHA256
8e806f5b94fc294e918503c8053ef1284e4f4b1e02c7da4f4635e33ec33e0534

SHA512
1a8a27a92abe35edaa2c950b130579c92f0d0d87b09971843c39569cf06d407b8e896751e73452676bfad45a363f0b6dd00cb6c5faf33966880539e106b19f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\sdk-ui\checkbox.css

Filesize
190B

MD5
64773c6b0e3413c81aebc46cce8c9318

SHA1
50f84ef8331341b48981af82313b146863eba526

SHA256
b09504c1bf0486d3ec46500592b178a3a6c39284672af8815c3687cc3d29560d

SHA512
03e96bef74c0b3a31124c3d3c1bb78af1053a8719ca373c6b9316d63bac9545c1f4ecc2d747eb64341d8da31bc0f23da094e19c3e07ed46f65c28dc88e13bd3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\css\sdk-ui\progress-bar.css

Filesize
501B

MD5
5ccd1d0dc39bb6ae4cd6b58f0b310eb0

SHA1
da659b6a37b18c26a8f7342f93c03fe649ab6344

SHA256
65246150423f8ef670f831b5a2ce1e924adc90e3bfbcce41e9fedbd1df8d27ff

SHA512
02f8eca06c0b8e69268c6aa1487ecf3a9024bce9ce757f2ac1b961df421d9121762f5f5abd5d00228f3a7416b2f21adb3a675114b32263b02fdfee9e0bd48781

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240743343\images\progress-bg.png

Filesize
2KB

MD5
32a6846fe53388eb03be3ada2221297f

SHA1
1c1baec7b7fe7a420ccf68d3112384b44f8ba89e

SHA256
5c6d20c98c106bc6df49447b9939a90ba6a5e3c20d89ca0621677a7501bdb127

SHA512
79c4f3a72467b61c27d6e93415bae3fc61a9fde62aae4202ba8ed1de6328f5facc48092bfe57db70338a0a4b50f571d501eed04aed8b047d20aa28ee7446ce98

Download Submit
memory/2148-103-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2148-102-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2148-113-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2148-109-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/2148-104-0x00000000008E0000-0x00000000008E1000-memory.dmp

Filesize
4KB

Download
memory/4424-0-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-8-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4424-100-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/4424-107-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-99-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-9-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-98-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-10-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-7-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-6-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-5-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-4-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-1-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-136-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-137-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download
memory/4424-146-0x0000000000400000-0x000000000051A000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing