22e294acbfc3c970377bd8013f38813cdd85c088563225114d220a6a5001b133

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

965f6b9ca8b4d758414dfcdb5c14d6cf.exe
Size

666KB
MD5

965f6b9ca8b4d758414dfcdb5c14d6cf
SHA1

43302f4a7ee04e4f6bcb8e9a7cc0530152b18d36
SHA256

22e294acbfc3c970377bd8013f38813cdd85c088563225114d220a6a5001b133
SHA512

8b1e62442f626fbacd3930ef75084f4f804baf75235f317cffad543cc2268ff58e8d6041f6863f9d7884595a7cdfba43c774a873ee3bbfb26df1f8ce793cc4c1
SSDEEP

12288:DbDqEkMs4q48IAeP0PifTEurPbvdqJplapLWTICNIYPKMTWN4t4OAUw91zRwIMft:DXbs48LeP0P8E6dclWLi26KGOqMwIMV

Score

7^/10

discovery upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	965f6b9ca8b4d758414dfcdb5c14d6cf.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x00000000005C7000-memory.dmp	upx
behavioral1/memory/2220-28-0x0000000000400000-0x00000000005C7000-memory.dmp	upx
behavioral1/memory/2220-29-0x0000000000400000-0x00000000005C7000-memory.dmp	upx
behavioral1/memory/2220-30-0x0000000000400000-0x00000000005C7000-memory.dmp	upx
behavioral1/memory/2220-31-0x0000000000400000-0x00000000005C7000-memory.dmp	upx
behavioral1/memory/2220-32-0x0000000000400000-0x00000000005C7000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum\0	965f6b9ca8b4d758414dfcdb5c14d6cf.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	965f6b9ca8b4d758414dfcdb5c14d6cf.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe
2220	965f6b9ca8b4d758414dfcdb5c14d6cf.exe

C:\Users\Admin\AppData\Local\Temp\965f6b9ca8b4d758414dfcdb5c14d6cf.exe
"C:\Users\Admin\AppData\Local\Temp\965f6b9ca8b4d758414dfcdb5c14d6cf.exe"
1⤵
- Checks BIOS information in registry
- Maps connected drives based on registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2220-0-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/2220-28-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/2220-29-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/2220-30-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/2220-31-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download
memory/2220-32-0x0000000000400000-0x00000000005C7000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads