ad7f55bcf78b5cfb090ceb943fe4a7312e4a60e1c4c55f095c8a71a63adab95d

Analysis

max time kernel
141s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 02:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6ebd95e886e277dfa97ed89c8daea00.exe
Size

670KB
MD5

c6ebd95e886e277dfa97ed89c8daea00
SHA1

6772aea658ec250b2c2c436b2242aade5a82cb32
SHA256

ad7f55bcf78b5cfb090ceb943fe4a7312e4a60e1c4c55f095c8a71a63adab95d
SHA512

f45539b97ab50fe39ce489d9c6aafec5343c008ae39d6babdeeb2cf8cbbe4e95fc18aec720dbb3a80a815cea19f7b2b7149bce0703efaeff4cafdefc2195aa3e
SSDEEP

12288:j+tQY3u4/30tqXRzueOPrWuZDoZH88fgKxNOMfA33sUKpfcsFmcyouSKhK6udcKj:jGQY+ttqXRNOPrWuOZHHfRXA33OpfPFt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x00000000005AC000-memory.dmp	upx
behavioral1/memory/2320-74-0x0000000000400000-0x00000000005AC000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	c6ebd95e886e277dfa97ed89c8daea00.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	c6ebd95e886e277dfa97ed89c8daea00.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	c6ebd95e886e277dfa97ed89c8daea00.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2320	c6ebd95e886e277dfa97ed89c8daea00.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2320	c6ebd95e886e277dfa97ed89c8daea00.exe
2320	c6ebd95e886e277dfa97ed89c8daea00.exe

C:\Users\Admin\AppData\Local\Temp\c6ebd95e886e277dfa97ed89c8daea00.exe
"C:\Users\Admin\AppData\Local\Temp\c6ebd95e886e277dfa97ed89c8daea00.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\index.html

Filesize
9KB

MD5
850bc00e912482c6824d98321f5cda9e

SHA1
9863be891a62993b40b7ab8d534ac3b28ae1b0ff

SHA256
ccbfe69af8efc999b1ea9e3ebdea0973e92bb2fb4d090fa5bdd84c045f2d2569

SHA512
9ab87bfb1725d44c55308c1596e51093e1a5c6e1e2cfd8cd3aca4801cab327cbc87bd956dd5e574d72920b4f345c0c8dac1162de991d9e042605ff3d132eaefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery-ui.min.1.8.0.js

Filesize
202KB

MD5
a4fdd77e182bd2fabe300a47b5617a35

SHA1
e002b335c75b5edefcd251962f61f53a2ab8e0f2

SHA256
8b59592d67eadc703af6cdd5ba8d077f9f9485d01fb6405555614335f89be99b

SHA512
ddcccde1c129f8f71fb39685abc615c4202b8b3dfc12cedd7d9cca2f97b308fc14b64497826421fa9df3d1cf54bdae9c085051af0a8d393cd3d556a6578d4085

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\js\jquery.min.1.6.4.js

Filesize
89KB

MD5
219073097031d9c1a95a1291d66f3a10

SHA1
2b7996b01d90b7f424f2a2e6063947461db4b2b2

SHA256
232066e3f6f1351afdaee1acb70c409766641fd5669e0b55ce7c77fac0a857ef

SHA512
9ad2745f96cf79a4d59393cc3fbb3958b244013f6798c12abe41e37fca80df3c7cedab4b47cbd197645c86b31077388ec8f01ea8d67c5feacbef95b1ae7582b5

Download Submit
memory/2320-0-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2320-1-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/2320-61-0x0000000004900000-0x0000000004920000-memory.dmp

Filesize
128KB

Download
memory/2320-74-0x0000000000400000-0x00000000005AC000-memory.dmp

Filesize
1.7MB

Download
memory/2320-76-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download