1dad555868fb85e269d9994f68e087f98336f15af08a05d6c23147c13f87ccdd

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75145cfcdc40a1a2ee2551dd30240d1e.exe
Size

182KB
MD5

75145cfcdc40a1a2ee2551dd30240d1e
SHA1

e0e97d6e29595a9a5ac83a2525de7b6e5dcfdc44
SHA256

1dad555868fb85e269d9994f68e087f98336f15af08a05d6c23147c13f87ccdd
SHA512

ded617bc726d202428fcf421363f450a0363f7d9b4467fe66943123877aa3c04e5bda0af38915ba40c723323c28667b34574d5d8376b653c8e9e8dc57523dac3
SSDEEP

3072:iRgUWzXJQ00rdsURPfDVZ4hM3M97DEOeFSwSYU4jUcD2r3Vt:X/u0SmUeCq7DcYw24jPqr3X

Score

7^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2400-0-0x0000000000400000-0x000000000057F000-memory.dmp	upx
behavioral1/memory/2400-13-0x0000000000400000-0x000000000057F000-memory.dmp	upx
behavioral1/memory/2400-23-0x0000000000400000-0x000000000057F000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

75145cfcdc40a1a2ee2551dd30240d1e.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Internet Explorer\Main	75145cfcdc40a1a2ee2551dd30240d1e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Application Compatibility\miceasy = "259414296"	75145cfcdc40a1a2ee2551dd30240d1e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Micropop_bob = "1"	75145cfcdc40a1a2ee2551dd30240d1e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD441F9A-8E19-4B53-BD14-91C56E5136DD}	75145cfcdc40a1a2ee2551dd30240d1e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD441F9A-8E19-4B53-BD14-91C56E5136DD}\AppName = "Micropop.exe"	75145cfcdc40a1a2ee2551dd30240d1e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD441F9A-8E19-4B53-BD14-91C56E5136DD}\AppPath = "C:\\Program Files\\Micropop"	75145cfcdc40a1a2ee2551dd30240d1e.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FD441F9A-8E19-4B53-BD14-91C56E5136DD}\Policy = "3"	75145cfcdc40a1a2ee2551dd30240d1e.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

75145cfcdc40a1a2ee2551dd30240d1e.exe

pid process

2400 75145cfcdc40a1a2ee2551dd30240d1e.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

75145cfcdc40a1a2ee2551dd30240d1e.exe

pid	process
2400	75145cfcdc40a1a2ee2551dd30240d1e.exe
2400	75145cfcdc40a1a2ee2551dd30240d1e.exe
2400	75145cfcdc40a1a2ee2551dd30240d1e.exe
2400	75145cfcdc40a1a2ee2551dd30240d1e.exe
2400	75145cfcdc40a1a2ee2551dd30240d1e.exe

C:\Users\Admin\AppData\Local\Temp\75145cfcdc40a1a2ee2551dd30240d1e.exe
"C:\Users\Admin\AppData\Local\Temp\75145cfcdc40a1a2ee2551dd30240d1e.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2400-0-0x0000000000400000-0x000000000057F000-memory.dmp

Filesize
1.5MB

Download
memory/2400-13-0x0000000000400000-0x000000000057F000-memory.dmp

Filesize
1.5MB

Download
memory/2400-23-0x0000000000400000-0x000000000057F000-memory.dmp

Filesize
1.5MB

Download