e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61

General

Target

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Size

2.5MB
MD5

c33f553b0eac316221eb9e23e223de54
SHA1

665ba178875c7aa131108358479cca35d7bf9544
SHA256

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61
SHA512

b57c9c05b6a453163a953e9e1355cc16f3caecfa806f4c9bcf1d3c3753a653695955dee769ef19a451bf07e7272a8a896b9e2eee270f6b593b25fea49ff1a923
SSDEEP

49152:Gq5MJJIrbqWH9loC9pgGpoX9flHCizytx50HTSJiFOdC0+oYmJzye+XVmMjkt:GLaF4gzpoptfmeTS7+oLJzye0mukt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-7-0x00000000001F0000-0x00000000001FB000-memory.dmp	upx
behavioral1/memory/1924-8-0x00000000001F0000-0x00000000001FB000-memory.dmp	upx
behavioral1/memory/1924-10-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-12-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-14-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-15-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-16-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-17-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-18-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-19-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-20-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-21-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-22-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-23-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-24-0x0000000000400000-0x0000000000933000-memory.dmp	upx
behavioral1/memory/1924-25-0x0000000000400000-0x0000000000933000-memory.dmp	upx

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

Processes:

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Default_Page_URL	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://www.2345.com/?28879"	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Default_Page_URL = "http://www.2345.com/?28879"	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Key created	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

Processes:

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Start Page	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.2345.com/?28879"	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

pid	process
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

472
472

pid	process
472
472

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

pid	process
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
1924	e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe

C:\Users\Admin\AppData\Local\Temp\e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe
"C:\Users\Admin\AppData\Local\Temp\e4fc3353e9bdd0111ce5b906be5eac0d7f75a9e3f1ecd9a8b16685b45d9f8c61.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1924-0-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-7-0x00000000001F0000-0x00000000001FB000-memory.dmp

Filesize
44KB

Download
memory/1924-8-0x00000000001F0000-0x00000000001FB000-memory.dmp

Filesize
44KB

Download
memory/1924-9-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/1924-10-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-12-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-13-0x0000000005FF0000-0x0000000005FF1000-memory.dmp

Filesize
4KB

Download
memory/1924-14-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-15-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-16-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-17-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-18-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-19-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-20-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-21-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-22-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-23-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-24-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download
memory/1924-25-0x0000000000400000-0x0000000000933000-memory.dmp

Filesize
5.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads