209f308b71d32f8701495a15e6bf9f4bd72b86908f4f90ade3313de2f9b6356c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7509183d1ad4c19d8dbb25f68274077a.exe
Size

381KB
MD5

7509183d1ad4c19d8dbb25f68274077a
SHA1

93823e6ccffd59349306186eb20e716e457f9724
SHA256

209f308b71d32f8701495a15e6bf9f4bd72b86908f4f90ade3313de2f9b6356c
SHA512

53da6bf419a37560fa8461ff625227fae0ea7770de05f6139a4b1dc03857cfad3e7a1869b5c81ce12c8f5475fe5b9b701daf3e3312b40fe000c5d04bd36670cd
SSDEEP

6144:Jfxjxvjpe238JMJRMVkvkcyc65DECBe2UQB343iTYOGQKnO+4zxbOs5:JfnbsJiRQf9VnBe2U8ISUZQB+kbX5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x0000000000503000-memory.dmp	upx
behavioral1/memory/2384-16-0x0000000000400000-0x0000000000503000-memory.dmp	upx
behavioral1/memory/2384-18-0x0000000000400000-0x0000000000503000-memory.dmp	upx
behavioral1/memory/2384-28-0x0000000000400000-0x0000000000503000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

7509183d1ad4c19d8dbb25f68274077a.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	7509183d1ad4c19d8dbb25f68274077a.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

7509183d1ad4c19d8dbb25f68274077a.exe

pid	process
2384	7509183d1ad4c19d8dbb25f68274077a.exe
2384	7509183d1ad4c19d8dbb25f68274077a.exe
2384	7509183d1ad4c19d8dbb25f68274077a.exe
2384	7509183d1ad4c19d8dbb25f68274077a.exe
2384	7509183d1ad4c19d8dbb25f68274077a.exe
2384	7509183d1ad4c19d8dbb25f68274077a.exe

C:\Users\Admin\AppData\Local\Temp\7509183d1ad4c19d8dbb25f68274077a.exe
"C:\Users\Admin\AppData\Local\Temp\7509183d1ad4c19d8dbb25f68274077a.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2384

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\7509183d1ad4c19d8dbb25f68274077a.data
Filesize
882B

MD5
9e2ea9a34121b06c21ac4119df87bbe3

SHA1
46ce1d1cf133f1f0f62bc90881e05ff6a6972127

SHA256
a7d0268ce9abdead9fa96bd5d5bc5a5f3496508343ac387ed478977cc7272c21

SHA512
fb5fb9073417abf6d55b23284a46cea8d65f0c09b3b9e11beed828e76f26caf791077324ad23552b625f91778fe56852678a629c425c1c5c0451bc6fc710bb4b

Download Submit
memory/2384-0-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2384-16-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2384-18-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download
memory/2384-28-0x0000000000400000-0x0000000000503000-memory.dmp

Filesize
1.0MB

Download