f13ee983f7b7f9f30fc383b1923438dec4915dbed94d829e267d2940edca09c7

General

Target

WebBrowser.exe
Size

713KB
MD5

29c976b214c7b4841e362d29f782d08f
SHA1

dd40193579faf1e774c69a99c652b073d77aada8
SHA256

75f8144356539cad365d6f66970637a5928c9ecec6daeefb21b362a9f027d8e6
SHA512

c2c2c8b0eca7a65b1205f6db60c4b0781487da1b7536aae967fac8c816414f568c1d1f333ecd189655b96f86ca93d3d5bc79b8d068800348680ff2d9c137dc9c
SSDEEP

12288:ZadaSu9Nz7DgcFRWmGt8oz7UBFITXAhWclk19OAJEb5vvBap:Zad29NDgvl8oz7YFlu+7a

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral7/memory/328-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-7-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-15-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-49-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral7/memory/328-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main	WebBrowser.exe
Key created	\REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TypedURLs	WebBrowser.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
328	WebBrowser.exe
328	WebBrowser.exe
328	WebBrowser.exe
328	WebBrowser.exe
328	WebBrowser.exe
328	WebBrowser.exe

C:\Users\Admin\AppData\Local\Temp\WebBrowser.exe
"C:\Users\Admin\AppData\Local\Temp\WebBrowser.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/328-0-0x0000000000400000-0x00000000006D7000-memory.dmp

Filesize
2.8MB

Download
memory/328-1-0x0000000000400000-0x00000000006D7000-memory.dmp

Filesize
2.8MB

Download
memory/328-3-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/328-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-7-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-15-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-49-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/328-61-0x0000000000400000-0x00000000006D7000-memory.dmp

Filesize
2.8MB

Download
memory/328-62-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/328-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing