Analysis

  • max time kernel
    12s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/01/2024, 19:36

General

  • Target

    adec6573d4a87df78f8ea430d653b6f7.exe

  • Size

    229KB

  • MD5

    adec6573d4a87df78f8ea430d653b6f7

  • SHA1

    53b473b878de6ca4690724fedb6a7a298ccd1a7d

  • SHA256

    75c2eae351fa0ea16b7213637ee0fcbe02f09504893a964906238a264e7f054a

  • SHA512

    a434897f4bee4e78d7f238f40201193110ffc13b283c2373b6e562731a4a6c30a72b9a65046c5cdf69d535bf2dfabc12bfb5736a4f4970dab93c71178079da27

  • SSDEEP

    3072:VeyMPsEA4KzMWOBImM9uCu9i7kWgIwYYWQRJNjirveLd0maoutj:IsEA4KzMWOBI19uCu9i7kWgZaoS

Score
  7/10
Tags
  upx

Malware Config

Signatures

  • UPX packed file (7 IoCs)

    Detects executables packed with UPX or a modified build of the open-source UPX packer. The file on disk is 229KB while the image mapped at 0x400000 in the memory dumps below is 300KB; that is consistent with a stub unpacking into a larger virtual image, although SizeOfImage exceeding file size is not on its own proof of packing.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx (1 IoC)

    Installs a Windows hook procedure. The API is legitimate, but it is the standard primitive for keystroke capture and for getting a DLL loaded into other processes' address space; the signature fires on the initial process (PID 4432) in the process tree below.
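
The UPX signature above rests on three pieces of evidence: the section names stock UPX writes, the "UPX!" header marker, and the packed-section layout (an empty-on-disk first section that is large in memory). The parser below is an added illustration of how such a check reads the PE section table and optional header; it is not the sandbox's own detection code. Because no binary ships with this page, the block constructs its own minimal PE headers as input (the build_pe helper is test scaffolding, not a real sample), with the 0x400000 base and 0x4B000 image size chosen to mirror the memory dumps listed later on this page.

```python
import struct

# Section names written by stock UPX; modified builds often rename them, so the
# "UPX!" header marker and the characteristic section layout are checked as well.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}
UPX_MARKER = b"UPX!"


def parse_pe(data):
    """Return (image_base, size_of_image, sections) for a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: ImageBase is a DWORD at offset 28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: ImageBase is a QWORD at offset 24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]   # same offset in both
    sections = []
    off = opt + size_opt
    for _ in range(num_sections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": va,
            "raw_size": rawsize, "raw_pointer": rawptr, "characteristics": chars,
        })
        off += 40
    return image_base, size_of_image, sections


def upx_indicators(data):
    """Report the evidence a UPX signature rests on, plus the in-memory image geometry."""
    image_base, size_of_image, sections = parse_pe(data)
    names = [s["name"] for s in sections]
    by_name = any(n in UPX_SECTION_NAMES for n in names)
    by_marker = UPX_MARKER in data
    # Stock UPX layout: first section has no raw data on disk but a large virtual
    # size (the unpacking target); the second carries the compressed payload and stub.
    by_layout = (len(sections) >= 2
                 and sections[0]["raw_size"] == 0
                 and sections[0]["virtual_size"] >= 0x1000
                 and sections[1]["raw_size"] > 0)
    return {
        "packed": by_name or by_marker,      # layout alone is only supporting evidence
        "by_name": by_name, "by_marker": by_marker, "by_layout": by_layout,
        "sections": names,
        "image_base": image_base,
        "size_of_image": size_of_image,
        "size_of_image_kb": size_of_image // 1024,
    }


def build_pe(sections, image_base=0x400000, size_of_image=0x4B000, trailer=b""):
    """Assemble a minimal PE32 header set (constructed test input, not a real binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew
    size_opt = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 56, size_of_image)
    hdrs = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, va, rawsize, rawptr, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs + trailer


# Constructed inputs: a UPX-style layout sized like the 300KB (0x4B000) image in the
# memory dumps, and a plain unpacked layout as a control.
PACKED_SAMPLE = build_pe(
    [(b"UPX0", 0x3C000, 0x1000, 0, 0, 0xE0000080),
     (b"UPX1", 0xD000, 0x3D000, 0xC000, 0x400, 0xE0000040),
     (b".rsrc", 0x1000, 0x4A000, 0x200, 0xC400, 0xC0000040)],
    trailer=b"\0" * 16 + UPX_MARKER + b"\0" * 16)

CLEAN_SAMPLE = build_pe(
    [(b".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
     (b".data", 0x1000, 0x6000, 0x200, 0x5400, 0xC0000040)],
    size_of_image=0x7000)


if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(blob))
```

On a real file, pass `open(path, "rb").read()` to `upx_indicators`; `size_of_image_kb` is the value to compare against the "Filesize" of the 0x400000 region in the memory dumps, and a mismatch between the two is the first hint that a dump is of a different image than the file submitted.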

Processes

  • C:\Users\Admin\AppData\Local\Temp\adec6573d4a87df78f8ea430d653b6f7.exe  (PID 4432)
    "C:\Users\Admin\AppData\Local\Temp\adec6573d4a87df78f8ea430d653b6f7.exe"
    • Suspicious use of SetWindowsHookEx
    • C:\Users\Admin\E696D64614\winlogon.exe  (PID 1196)
      "C:\Users\Admin\E696D64614\winlogon.exe"
      • C:\Users\Admin\E696D64614\winlogon.exe  (PID 2064)
        "C:\Users\Admin\E696D64614\winlogon.exe"
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe  (PID 5020)
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
  • C:\Program Files\Internet Explorer\iexplore.exe  (PID 1772)
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 1712)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1772 CREDAT:17410 /prefetch:2

Notes on the tree: the sample runs from the submission path under %TEMP% and starts a file named winlogon.exe from C:\Users\Admin\E696D64614\, a user-writable directory. The legitimate winlogon.exe lives in C:\Windows\System32 and is started by smss.exe, so a winlogon.exe with any other path or parent is a masquerade and should be hashed and handled as a dropped payload (this report lists no hashes for it). That process starts a second copy of itself (PID 2064), whose memory dumps below show a 160KB region at 0x400000 where its parent maps 300KB, i.e. an image of a different size at the same base. The two Internet Explorer entries are top-level (no recorded parent) and carry -Embedding, which is COM activation rather than a direct child launch; {0002DF01-0000-0000-C000-000000000046} is the InternetExplorer.Application class. The Internet Explorer cache files under Downloads are the artefacts of that browsing session; the Network section on this page is empty, so the URLs it visited are not available here.
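
What a detection engineer would write against a tree like this, as an added example that is not part of the report: a small rule set over process-creation events that flags a protected system-process name running outside the system directory, such a process with a non-system parent, and a temp-directory executable that spawns children. The event list is constructed from the tree above; ppid 0 marks the top-level entries whose parent the page does not record, and the rule names, directory lists and the set of protected names are this example's own choices.

```python
import ntpath

# Image names that are only legitimate from the Windows system directory (and, for
# winlogon.exe, only when started by smss.exe). Extend to taste for your environment.
SYSTEM_PROCESS_NAMES = {"winlogon.exe", "csrss.exe", "smss.exe", "wininit.exe",
                        "services.exe", "lsass.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def image_name(path):
    return ntpath.basename(path).lower()


def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)


def from_temp(path):
    return any(m in path.lower() for m in TEMP_MARKERS)


def analyse_tree(events):
    """Return (pid, rule, detail) findings over a list of process-creation events."""
    by_pid = {e["pid"]: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e["ppid"], []).append(e)
    findings = []
    for e in events:
        name = image_name(e["image"])
        parent = by_pid.get(e["ppid"])
        if name in SYSTEM_PROCESS_NAMES:
            # Rule 1: a protected name outside System32/SysWOW64 is a masquerade.
            if not in_system_dir(e["image"]):
                findings.append((e["pid"], "masquerade",
                                 f"{name} running from {ntpath.dirname(e['image'])}"))
            # Rule 2: a protected name whose parent is not a system binary.
            if parent is not None and not in_system_dir(parent["image"]):
                findings.append((e["pid"], "suspicious-parent",
                                 f"{name} started by {parent['image']} (pid {parent['pid']})"))
        # Rule 3: something executing from a temp directory that spawns children.
        if from_temp(e["image"]) and children.get(e["pid"]):
            findings.append((e["pid"], "temp-dropper",
                             f"executable in a temp directory spawned "
                             f"{len(children[e['pid']])} child process(es)"))
    return findings


# Constructed from the process tree on this page; ppid 0 stands for "no recorded parent".
EVENTS = [
    {"pid": 4432, "ppid": 0,    "image": r"C:\Users\Admin\AppData\Local\Temp\adec6573d4a87df78f8ea430d653b6f7.exe"},
    {"pid": 1196, "ppid": 4432, "image": r"C:\Users\Admin\E696D64614\winlogon.exe"},
    {"pid": 2064, "ppid": 1196, "image": r"C:\Users\Admin\E696D64614\winlogon.exe"},
    {"pid": 5020, "ppid": 0,    "image": r"C:\Program Files (x86)\Internet Explorer\ielowutil.exe"},
    {"pid": 1772, "ppid": 0,    "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 1712, "ppid": 1772, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"},
]

if __name__ == "__main__":
    for pid, rule, detail in analyse_tree(EVENTS):
        print(f"pid {pid}: {rule}: {detail}")
```

The same three rules translate directly into Sysmon Event ID 1 or EDR process-start queries; the masquerade rule is the high-confidence one, the temp-dropper rule is noisy on its own and is better used to add context to the other two.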

Network

MITRE ATT&CK Enterprise v15

Downloads

The files below are Internet Explorer DOMStore and INetCache entries, i.e. content fetched by the iexplore.exe session in the process tree, not files written by the sample itself. The winlogon.exe under C:\Users\Admin\E696D64614\ that the process tree shows executing has no entry here, so its hashes are not available from this page.

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7M18SFQ7\photos.google[1].xml
    Filesize 17B
    MD5 3ff4d575d1d04c3b54f67a6310f2fc95
    SHA1 1308937c1a46e6c331d5456bcd4b2182dc444040
    SHA256 021a5868b6c9e8beba07848ba30586c693f87ac02ee2ccaa0f26b7163c0c6b44
    SHA512 2b26501c4bf86ed66e941735c49ac445d683ad49ed94c5d87cc96228081ae2c8f4a8f44a2a5276b9f4b0962decfce6b9eeee38e42262ce8d865d5df0df7ec3d6

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\counter[1].js
    Filesize 40KB
    MD5 9e33acb5cab6802df44887bd6df31416
    SHA1 f96f235aeccf43da8e795c291f3a3c1390d8f377
    SHA256 ca02d1a91f43d6b8c5d8d127d04e95afb736ae1779577bde0a6f0641cc4f4893
    SHA512 a6cd85df3e64c7b7b462dd07025563f5ccf4c8b98394ba0d31e9705fc933ee89e1c13874b11f428c090179ebc70bfbe2728a92a8b56fa5a58253cbb7793fe333

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\webworker[1].js
    Filesize 102B
    MD5 74a981e3aaaa1f7200e5f87b03883703
    SHA1 22cf9554c2d813a219b2982ae769695119ac1092
    SHA256 55052d853a3f144505dc773ef237ac838af312c0180ff293f7cf1a3847345eab
    SHA512 0e3190f7e3de1b0127001342b33bcd3f23ad1bf113fea94a97f9d4a59c9c6bfeec61a5889bb69fb0d16bded2656529dffd69e48d4a4b32e436346772d7d8fbf2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
    Filesize 34KB
    MD5 4d88404f733741eaacfda2e318840a98
    SHA1 49e0f3d32666ac36205f84ac7457030ca0a9d95f
    SHA256 b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1
    SHA512 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
    Filesize 34KB
    MD5 4d99b85fa964307056c1410f78f51439
    SHA1 f8e30a1a61011f1ee42435d7e18ba7e21d4ee894
    SHA256 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0
    SHA512 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\KFOmCnqEu92Fr1Mu4mxP[1].ttf
    Filesize 34KB
    MD5 372d0cc3288fe8e97df49742baefce90
    SHA1 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21
    SHA256 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f
    SHA512 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\js[1].js
    Filesize 243KB
    MD5 5ab8b0238271bbbbaa535096da7e854d
    SHA1 978c3acc5c1c23147bfaadeffc99e124f43cd6be
    SHA256 f09f790f91807f1480f015b3130240afeef476417b412d670b5f9ed7748fc520
    SHA512 f37b13403a308c41d251e3409391ad85f92d41e16b8b97d1b5b09a0c8ccb2a64891c2cd2a8a2e63ee6eba810e3a022a88b3e170e6c139b8edfd85342aeed97d7

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\xUSKbXqocTPwo3RspD7uVldcgi_KkGuO0Izsc1rniEk[1].js
    Filesize 23KB
    MD5 b476ff2653f6129fa32e065c886ef15f
    SHA1 01856f5cf0476ffa135218ccbf7563210c4d585f
    SHA256 c5448a6d7aa87133f0a3746ca43eee56575c822fca906b8ed08cec735ae78849
    SHA512 112d5fcce59ab4ecee6fdb9fb91cd04bbba3ac76dd0ffd1d9d6e3a10a556af47fa2b6ab00542497403c0c4c08ec7619a7dd7dfdc2e5843516b4c8cbe7457442f

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\analytics[1].js
    Filesize 51KB
    MD5 575b5480531da4d14e7453e2016fe0bc
    SHA1 e5c5f3134fe29e60b591c87ea85951f0aea36ee1
    SHA256 de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
    SHA512 174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Q9YQXK50\main[1].js
    Filesize 7KB
    MD5 22d2bac8813c8f318869d1df91747b22
    SHA1 bc3c6f50397f93c5ecc0a6c8bb8ec9e232359ab2
    SHA256 1c85d4341343f71764a7c55a05ae353e7af3ab5adaddb0f702244c8b3eea8df1
    SHA512 f46f09e8c2b1f100e6a990319184a8fb9cdfbee96b51ef5ad618fd707fe75e27295d121bde1ad061c6847b0a15b33bb46c045028d127484f32d529afd808434c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\d[1]
    Filesize 23KB
    MD5 ef76c804c0bc0cb9a96e9b3200b50da5
    SHA1 efadb4f24bc5ba2d66c9bf4d76ef71b1b0fde954
    SHA256 30024e76936a08c73e918f80e327fff82ee1bd1a25f31f9fce88b4b4d546055d
    SHA512 735b6470e4639e2d13d6b8247e948dbd6082650902a9441b439ceacc4dfce12cd6c9840ee4c4dcb8a8f1e22adb80968f63ace0c0051811a8d6d1afb2b3c68d74

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\script[1].js
    Filesize 9KB
    MD5 defee0a43f53c0bd24b5420db2325418
    SHA1 55e3fdbced6fb04f1a2a664209f6117110b206f3
    SHA256 c1f8e55b298dc653477b557d4d9ef04951b3b8ba8362a836c54e2db10cda4d09
    SHA512 33d1a6753a32ec06dcfc07637e9654af9321fe9fa2590efc70893eb58c8603505f2be69084fb2bcbf929218c4e7df9f7a8bc3f17a5b41ed38c4d8645296ebab5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VH9W14NQ\styles__ltr[1].css
    Filesize 55KB
    MD5 eb4bc511f79f7a1573b45f5775b3a99b
    SHA1 d910fb51ad7316aa54f055079374574698e74b35
    SHA256 7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
    SHA512 ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Memory dumps (name encodes PID, dump index and mapped range; the 0x400000-0x44B000 region is 0x4B000 = 300KB, the 0x400000-0x428000 region is 0x28000 = 160KB):

  • memory/4432-0-0x0000000000400000-0x000000000044B000-memory.dmp  Filesize 300KB
  • memory/4432-1-0x0000000000400000-0x000000000044B000-memory.dmp  Filesize 300KB
  • memory/4432-19-0x0000000000400000-0x000000000044B000-memory.dmp  Filesize 300KB
  • memory/1196-18-0x0000000000400000-0x000000000044B000-memory.dmp  Filesize 300KB
  • memory/1196-29-0x0000000000400000-0x000000000044B000-memory.dmp  Filesize 300KB
  • memory/2064-20-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-23-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-24-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-25-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-28-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-30-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-114-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-162-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-259-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-358-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-408-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
  • memory/2064-417-0x0000000000400000-0x0000000000428000-memory.dmp  Filesize 160KB
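
The dump names above carry enough to check the reported sizes and to spot the parent/child difference without opening a single dump. The following is an added example, not tooling from the sandbox: it parses a subset of the dump names listed above, groups them per PID by mapped range, and flags a child whose region at the same base differs in size from its parent's. The parent relationships come from the process tree on this page; the name pattern is assumed from the entries as listed.

```python
import re
from collections import defaultdict

# Dump names as they appear on this page: memory/<pid>-<index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name):
    """Split a dump name into pid, index and the mapped [start, end) range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, idx, start, end = m.groups()
    return {"pid": int(pid), "index": int(idx), "start": int(start, 16), "end": int(end, 16)}


def region_kb(start, end):
    """Size of a mapped range in KB, matching the report's Filesize label."""
    return (end - start) // 1024


def image_regions(names):
    """Group dumps per PID by range: {pid: [(start, end, size_kb, [indices]), ...]}."""
    per_pid = defaultdict(lambda: defaultdict(list))
    for n in names:
        r = parse_dump_name(n)
        per_pid[r["pid"]][(r["start"], r["end"])].append(r["index"])
    return {pid: sorted((s, e, region_kb(s, e), sorted(ix)) for (s, e), ix in regions.items())
            for pid, regions in per_pid.items()}


def base_mismatches(regions, parent_of):
    """Children whose mapped region starts at the same base as the parent's but ends elsewhere."""
    hits = []
    for child, parent in parent_of.items():
        for cs, ce, ckb, _ in regions.get(child, []):
            for ps, pe, pkb, _ in regions.get(parent, []):
                if cs == ps and ce != pe:
                    hits.append((child, parent, hex(cs), ckb, pkb))
    return hits


# Constructed from the dump list on this page (a subset of the indices listed).
DUMPS = [
    "memory/1196-18-0x0000000000400000-0x000000000044B000-memory.dmp",
    "memory/1196-29-0x0000000000400000-0x000000000044B000-memory.dmp",
    "memory/2064-25-0x0000000000400000-0x0000000000428000-memory.dmp",
    "memory/2064-23-0x0000000000400000-0x0000000000428000-memory.dmp",
    "memory/2064-162-0x0000000000400000-0x0000000000428000-memory.dmp",
    "memory/4432-1-0x0000000000400000-0x000000000044B000-memory.dmp",
    "memory/4432-19-0x0000000000400000-0x000000000044B000-memory.dmp",
    "memory/4432-0-0x0000000000400000-0x000000000044B000-memory.dmp",
]
PARENT_OF = {1196: 4432, 2064: 1196}   # child -> parent, from the process tree

if __name__ == "__main__":
    regions = image_regions(DUMPS)
    for pid, rs in sorted(regions.items()):
        for s, e, kb, ix in rs:
            print(f"pid {pid}: {hex(s)}-{hex(e)} {kb}KB, dumps {ix}")
    for child, parent, base, ckb, pkb in base_mismatches(regions, PARENT_OF):
        print(f"pid {child} maps {ckb}KB at {base} where parent {parent} maps {pkb}KB")
```

A hit from `base_mismatches` is the cue to diff the two dumps' PE headers (the parser in the UPX example above reads them) rather than assume the child is a plain re-execution of the parent.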