c65f772bfc03f267f754142ff0c3a3461d1555d14dff33e11553d09f8343ad43

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 11:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

994913e10d62a3509a12d590b564398a.exe
Size

396KB
MD5

994913e10d62a3509a12d590b564398a
SHA1

6e0cd22a386dc2768cfa99c69540b63631990755
SHA256

c65f772bfc03f267f754142ff0c3a3461d1555d14dff33e11553d09f8343ad43
SHA512

0b6e9dbe8f66ea3efbf70d5964b27b4fb27c9c93cd3367659536677dfbf932973d80acce39fbe30f79e79b59bbfbd4ac92bb54ee6d3ad968760c81bee7786507
SSDEEP

12288:OeR8+TBNyNsfc8n/D8ONi/EZwONEfMzjQroSLMMUm:Oe2+3yN+cmrH6E+cEfMzjGMMUm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4820-0-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-136-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-137-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-138-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-140-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-141-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-142-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-143-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-144-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-145-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-146-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-147-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-148-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-149-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-150-0x0000000000400000-0x00000000004F9000-memory.dmp	upx
behavioral2/memory/4820-151-0x0000000000400000-0x00000000004F9000-memory.dmp	upx

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~2\is240603125.log	994913e10d62a3509a12d590b564398a.exe
File created	C:\PROGRA~2\is240603265.log	994913e10d62a3509a12d590b564398a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4820	994913e10d62a3509a12d590b564398a.exe
4820	994913e10d62a3509a12d590b564398a.exe

C:\Users\Admin\AppData\Local\Temp\994913e10d62a3509a12d590b564398a.exe
"C:\Users\Admin\AppData\Local\Temp\994913e10d62a3509a12d590b564398a.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240602593\bootstrap_22294.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\css\main.css

Filesize
2KB

MD5
5c364db19fdab190c4f752eb61c6c227

SHA1
e68ee96679f6554e72d184298930a849c776a874

SHA256
1f10099ca1415658743e0fd3d55f8263c4db88fb6b9dce02dac85f33cbf6cf08

SHA512
66ad25d655e4ec1085eb52d9fb8a196c4d31c4383e5290f0578125760f9763df7cdfa7947f1eb682ea3e575fadddd29ee3a93e67ab1e5cf56b5fbc5717cc575f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\css\progress-bar.css

Filesize
334B

MD5
c36b51181c5eeb60a208e52bccc01d5e

SHA1
2487694ff42dd4d6188aa6513ce45a0edd6e4b61

SHA256
4fa0626be51bb23c2f302b5a4adc10d75cb71f4a3e9d765802bf73ae154046c4

SHA512
b3a92ab6ec11c172a20d35d099837b8843558e1620b61322f54eacc8e27065f0ae8c8eac43a15e4c484fc99281c4c8c589e3e395de7f2d82e84468b4dbc60f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\bg.png

Filesize
25KB

MD5
669d91db360e055e40a3909bdd4c2be0

SHA1
5966cdbce630e1eb545044a1a3d00abd9920f4db

SHA256
2ccec5051aa6d444d1ee83fee02eaf42a9d1ec63160d2e450972d0c3e24fcda2

SHA512
a44b3f21bd38ef2f2263451e08c67dc057c03635c6ff1d7d4f17852dca4d68f69cac32c6228fcbdf73947538b2457b770363081bc17a2a815dc981f27c0313b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\close.png

Filesize
361B

MD5
2b677420590ee8241686cf0c8cb0c106

SHA1
b72422bf04664ede9dafdb82244966adceb8c4f7

SHA256
8fa2f8a474e558c6bffd01ff0e88006449616fa721ce3179006a1db9801c1d8b

SHA512
64400e48c311be34cd57a0035dba1cac28fd9d84965fce53c9246832784ea07e3e35fe685220b2f07eb4dad9eaa5a27d2328d1b7ac0b93205fee55f2fb45a2da

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\icon_better.png

Filesize
12KB

MD5
605c34cd0e06ff2251f2bf2d0773e294

SHA1
642e9ad5bf7cf2718987b1af3736c13deb0c6f3f

SHA256
502e142da9a0f3afd5667a0ad22f434c77a7d98122fc55b848f2b982ccc25d08

SHA512
d158ec96bae874aa5f305225411a647795227afc0e300b5bd88bc152758698842966dedc886464555f9010a748942d808d2e5e31084c4912df7cb8ea268b128c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\install.png

Filesize
1KB

MD5
2b20b7c03390a7a41911b3b2576be6fe

SHA1
4f77264803ae671207490704737daa2500feafcd

SHA256
75dc22a1b90f3a3c33002271c0e71434bf2453ffd5569c765ccf4af8566ccfd6

SHA512
87a113b467431da9343748ec9ca63971b3d6815bbd1b166f6423fc1af762fde4dac06115e4ac5732539930249193b6975348b1ce2e589e19308e22d2b662bc80

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\install_hover.png

Filesize
1KB

MD5
19131d974934bd1b9f5efc18ff3a5d5c

SHA1
0697723aa514cf903ec35191877823d41773ad42

SHA256
ea7286ad0ec5256b599805a3ccc858bfa7d5de45519eb16897e796418b705276

SHA512
5ad77a01198fb0cf374db82e2227f795c5d8fb0bdac7085d764c81cf8f1d2ed509f1e6b2552ae79cd6d6ff3a297c4d97977e37273f0e1e05e543818943cd5c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\later.png

Filesize
666B

MD5
b24ad15a6b2718a7fd22b5f3e475ade0

SHA1
37205eb2d4c7f3bca37d5540aeae689a23a0fff7

SHA256
f05e596575a1b36bf7fead69ec9f95837fe7229acdbd147f07192ce1a07bd036

SHA512
26b5b753962685a83dd38d5d2db4be46f6a3df83147b83f0fc5fa41f1a16777f13b80f4de28158d6b3b40815b871ccfaea4d59e80d96e5ae3a7f4f95de5c246b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\later_hover.png

Filesize
695B

MD5
bd5c5fa2ed8e223cd56883f5c9016c3c

SHA1
8890ca50e2f834d6471262ad5930a5895e76463b

SHA256
3c415a2f6a6fd0816fb0adaf68e70030c1f738e22303f602d16fe38d1e98463d

SHA512
10e6248abb1cb019a39e1d0e662426f84a557ef0e95bd997da0b726a1a2181cec7d659f4ff0cf1b98c4fa6fd9c8453c46d9c70462133195b070372678dd44374

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\main-bg.png

Filesize
1KB

MD5
3559c0336ac74800ba9ea60ea0ed3a02

SHA1
f9cf2b6619afa4ebca369471682dada91a7b002c

SHA256
f2813081788cb2573860206ca3208904374aa2ccb00294de0b73e6f955cfc3af

SHA512
b4e7c8b5de81c8c13140ea1962048601edaabf23b39a4238b9699d195a2fff18537bba85bc440571bc7a7bf2155732d5e5690e98546f7363337c5932ab5d537c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\next.png

Filesize
1KB

MD5
0642817aa9dd2bdde2f87dbb1111517a

SHA1
faf14b0a1d6c79f574c6391baefd263c95ea702e

SHA256
8f097777eb8bad5b30a3b6b16d01aef58ac7127a7ce49edb56ab492aa9256eac

SHA512
582ae3ed0098506b29c5a0f1236d4e229a318a897b9e25093adb6311e086b8e8ed6086704fefd302ce481a62fc0d76f77a8d3dacdc56467f1b32fa5d2846b8fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\next_hover.png

Filesize
1KB

MD5
4cf114464b10977739a1b3f47520669f

SHA1
2aafc4caf395134d8c6d1c957562bbc54c5ea314

SHA256
3d6ad98d32e11862843af5e735d6f5202f00140a5784f51e45dc1a1700996e43

SHA512
239ab81a2c4b560adc872447c5b095df497221474850a745ce57cf72fa1dc37ce41120cd9e93c23ca44df16b87373a095fc89ad9f7fbd8ad1193dd262859e686

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\progress.png

Filesize
153B

MD5
80223145f64ca1caf3d884dfac4301e8

SHA1
155399ce252ef81f06351bb2adf44c21f1f37037

SHA256
c388b032baee6032d1a76093c51c5eda840d0116da48336401b78a61297e64a7

SHA512
285bf4b5c42971e150eae995479994bf7cccac8b2c7b8f5458ba2cb6b4e2cb4816b5be24c511d41bccca0944cebb931fd31d8bcccba33a503259ef127e90359a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240602593\images\progress_bar.png

Filesize
357B

MD5
a99fbc8fd32bb34c774d19d815587809

SHA1
ded0290e4b74fb363c2ddbf70291bac62dac18f1

SHA256
dbe72b4831ced3108d19f67869d82d0625d881f2ed3d34473a5f72235ff9dba4

SHA512
dc7fca5ab30e75d275b2b03ee69cbe59da9105f94caa39960f31c4e6d7f87fb107f0da66e3866ab8a6d132faa546e08aae9feae7fbfa8bb7c0314ca70779c723

Download Submit
memory/4820-138-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-143-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-136-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-137-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-0-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-139-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4820-140-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-141-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-142-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-1-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4820-144-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-145-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-146-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-147-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-148-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-149-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-150-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download
memory/4820-151-0x0000000000400000-0x00000000004F9000-memory.dmp

Filesize
996KB

Download