Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 19:19

General

  • Target

    183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe

  • Size

    29KB

  • MD5

    4d83247af7f98fd81669ed48b84d3d37

  • SHA1

    db0dfa8a3d85979a6600bcdcc95f55a6c864634c

  • SHA256

    183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a

  • SHA512

    12b31af6af471a45fd61ed0bd67615e38dc131b39f16e780c341da16ce2bac0f9520a64cd7ebda96efa15f288aa9dfe430ce86c5fc9c3a6377e685ef6e212db4

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/TW:AEwVs+0jNDY1qi/qi

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe
    "C:\Users\Admin\AppData\Local\Temp\183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:464
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:872
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1316,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3596 /prefetch:8
    1⤵
    PID:1388

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\I35QTFSD.htm

      Filesize

      175KB

      MD5

      86c41cfde33dd03ea167f87527f6d5de

      SHA1

      3e2756fa96586c0b40e436058c3371033170f032

      SHA256

      472eb9933bbdbb8e6c63b9c1bbdedb9e285a6ae9d11793d0241550279c23e20d

      SHA512

      efb6767947d64ad1bfa541d62adcddd1ece3b979af7b7df8a77e421814e89ea24b0f104ce9058181d584fcc951e313bf405d4b4b57be65c008f9870afd6fdcad

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\default[8].htm

      Filesize

      312B

      MD5

      c15952329e9cd008b41f979b6c76b9a2

      SHA1

      53c58cc742b5a0273df8d01ba2779a979c1ff967

      SHA256

      5d065a88f9a1fb565c2d70e87148d469dd9dcbbefea4ccc8c181745eda748ab7

      SHA512

      6aecdd949abcd2cb54e2fe3e1171ee47c247aa3980a0847b9934f506ef9b2d3180831adf6554c68b0621f9f9f3cd88767ef9487bc6e51cecd6a8857099a7b296

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\searchQC4TAU9M.htm

      Filesize

      119KB

      MD5

      aef6979eacf9421cfe28f7181c097419

      SHA1

      cca604a8230e18efaaaa7e1e7ef2b4b8e89d38f4

      SHA256

      d93d6878d4937c43b64544c27689515a69cf0f10c793ebfecdd3e7d6f7dd3195

      SHA512

      0bb218dffc89f48aa18a3d0275a2d740f9f34d2336b0924bd7f75118092866960830a252801a6b6cb293f0951e09458981b8ce0fb8f2504c90bfdd3c7d137230

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\search[10].htm

      Filesize

      102KB

      MD5

      567412ee3e122d36140b8ed7ab147e3b

      SHA1

      c356a104f8444fbe678fcbfa2a7acabaed290fee

      SHA256

      d6a65879c00de49a5afbd8b001f465a635ea20af264f343052a42bec9cb31178

      SHA512

      e37dd6a0ab444f0a0343ed0c1097723a2f1c7047b9f5ca1c8348340d68fc96508120c1ca59a04fad7df106ad74792768b14919f19c15f3cec2a8772f4bcde87b

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\44ZGVQ6R\search[1].htm

      Filesize

      115KB

      MD5

      dad2d0a7810df12b1e6adbb3f00ede74

      SHA1

      74c5aaea454019bd17aa6ac65571f400f79447ae

      SHA256

      4ca83826dd50b118c6a48605a8b0ff469f21e7f04c1fee16f2eec95a2db71e1e

      SHA512

      39698655d87f9a9fcf99eb3c15b3b41d54687f130fe505598d100a2799388b52183bf4c90bb3ab4517fbb7229a0b7a605cce4227344d5e04297b5d7e9b983e51

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\1VIHB3OK.htm

      Filesize

      175KB

      MD5

      3443dab2e901c3b82ce60185b5704829

      SHA1

      da9802d89a7f9a9710de2c1a6f892ad9f6623ed0

      SHA256

      61ba9d442be03f6d7c73db1dcc28c42f81bb224db7c688f3369f928b2fede39d

      SHA512

      dac06be161708cd4394a9c0a674ac888f4213ddefaaa05e0736c92cad8d66eebe43f5e64f0b9d6627e7bc295dcfd00937980d2d56cf9e6c166b5bce955544de2

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\results[1].htm

      Filesize

      1KB

      MD5

      35a826c9d92a048812533924ecc2d036

      SHA1

      cc2d0c7849ea5f36532958d31a823e95de787d93

      SHA256

      0731a24ba3c569a734d2e8a74f9786c4b09c42af70457b185c56f147792168ea

      SHA512

      fd385904a466768357de812d0474e34a0b5f089f1de1e46bd032d889b28f10db84c869f5e81a0e2f1c8ffdd8a110e0736a7d63c887d76de6f0a5fd30bb8ebecd

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\results[4].htm

      Filesize

      1KB

      MD5

      211da0345fa466aa8dbde830c83c19f8

      SHA1

      779ece4d54a099274b2814a9780000ba49af1b81

      SHA256

      aec2ac9539d1b0cac493bbf90948eca455c6803342cc83d0a107055c1d131fd5

      SHA512

      37fd7ef6e11a1866e844439318ae813059106fbd52c24f580781d90da3f64829cf9654acac0dd0f2098081256c5dcdf35c70b2cbef6cbe3f0b91bd2d8edd22ca

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\search[1].htm

      Filesize

      25B

      MD5

      8ba61a16b71609a08bfa35bc213fce49

      SHA1

      8374dddcc6b2ede14b0ea00a5870a11b57ced33f

      SHA256

      6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

      SHA512

      5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\search[2].htm

      Filesize

      135KB

      MD5

      6186dfce4f8891e93afc29cbc0148807

      SHA1

      d1470208747bf1d1772c48236624a4cf8e3ae052

      SHA256

      647eea2da1997b42aa38715f5cca62ba0ec4e58b878fc35c7399d6961d5998e5

      SHA512

      82ce5eb7fa18dd009666744b5a0c657821d6f98ac418b0941d9e442592efd7638e09b1fd70f8c98ffcf11eda1b0efe84e0c09ac2b0b067501754b292e55e8ac5

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7UY3WOJS\search[3].htm

      Filesize

      135KB

      MD5

      64ca89c0c0e10a67a2c6b722c638e209

      SHA1

      eee21c4b6973480f8201b0acdc51ddf281280b23

      SHA256

      a70d1c8e0125e21505bb4c2efbea3847d9f3e340260dac0e0ec46c10b5a4295d

      SHA512

      09914fcc73dd7bd261cb501a8b9ee9ff2e0cf90a19d07c40ba77e96947ec91bc8bc83e6425f238f463abac1ffa28457d28665c78a7faeb913e619c751ad378b3

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\results[3].htm

      Filesize

      1KB

      MD5

      ee4aed56584bf64c08683064e422b722

      SHA1

      45e5ba33f57c6848e84b66e7e856a6b60af6c4a8

      SHA256

      a4e6ba8c1fe3df423e6f17fcbeeaa7e90e2bd2fffe8f98ff4b3e6ed970e32c61

      SHA512

      058f023cb934a00c8f1c689001438c9bdd067d923ddcbe7a951f54d3ca82218803e0e81fbc9af5c56375ff7961deed0359af1ffa7335d41379ee97d01a76ded6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\searchUCD8XUID.htm

      Filesize

      112KB

      MD5

      1c2157c36aa89e621af030196c6d642e

      SHA1

      58edda2778b377e62e93e1894c9ebef741d3f6a0

      SHA256

      325f5be275552fa13baa6f87566837b775296ca3ae234a500aa8b0b7fee2972f

      SHA512

      ca19cee374b8d07230a094f669d0820eb5130f391f51c580cff75df3f6b8fa79e15530be8c5b3f125c71e18bd7b7d3e8dcdb687102bc1d02f4c654d23100f6b6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVOFDIUO\search[7].htm

      Filesize

      152KB

      MD5

      b744c2f6d077ef81959c3b0d61eb6c20

      SHA1

      1ca4bfd15c04ea31ce535415eb5f35547d3a70ea

      SHA256

      6e04a16aef4aa4f65fc956514320d59ff781ffa63416a9af6b4a595e27a773d4

      SHA512

      5ece5e3c9fb0f470bcd74cbaad7ce71841f0ee2c38cfaf3f8cc2d4fbedde09b64df4c830f786f50ca679ea93902b59bece42527ccd39854df58b520811f31e6e

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YOJF4VYG\search[10].htm

      Filesize

      131KB

      MD5

      9f1001bb2c021352afbfe4fc7f4ae9d8

      SHA1

      3360efebeabea3cb45088df1519f2e500a4f78d0

      SHA256

      e961d9b70ecd531628ae0c444643592f653abdb47a6fad724521d4de4e5c294c

      SHA512

      d1bdded562a5069a8688785c13b443d9e1308fc128655a0748972bee16be220edb6863dcf2ce055860410e1229d598f688640297771b7f8c9b5d0765fb237880

    • C:\Users\Admin\AppData\Local\Temp\tmp39D5.tmp

      Filesize

      29KB

      MD5

      2da1c6a78a157228f3e90d1ac8fc14f8

      SHA1

      3fe13d30a24fdae2b9444a6f44c0c974d313b31d

      SHA256

      4c24d391afffd5a0e2eeff21e10152c348cd17dcdd132d8591d2eebb5b8734d7

      SHA512

      aa42b467116aef6e036c84c8329c4bce059099321680e6c994ae1aebd13ba25b3ac59e33ada879853a3f6d331bbd5542537a6a51ae3b035c257e143568e2d201

    • C:\Users\Admin\AppData\Local\Temp\zincite.log

      Filesize

      320B

      MD5

      160931bf435887d8320cc453722e8ef2

      SHA1

      e752fb820b7f6266bb2a864ae767c935c59f64d8

      SHA256

      d4a2fe4adb3cb1039d89c5469a369ee9cd35200c6b090e2de88d4732237d1348

      SHA512

      e78725e39317e25bcd72c13191bf5c9972cfe964f8a94b14e9d7357217e33ad3803f515eee49bf1d11ed26a4d4f2e16548e9c177f3fbc41348cf77f346bf2e32

    • C:\Users\Admin\AppData\Local\Temp\zincite.log

      Filesize

      320B

      MD5

      03aaaf4ed319d6af621e4b52e242c202

      SHA1

      87112402a59916426100670d8b72d82668e4f032

      SHA256

      db2dc20580522558816e278a109c0e073500308f909bae9622e2c470def2921f

      SHA512

      a81a3b2c6964bb4b72894888b3e7703dfe547089f02fa41f0139314fdbfaa7a30d97e7978c843cc9e79ffd9a23b7779a9c17d23c959a7c7e9b802ab077fc2670

    • C:\Users\Admin\AppData\Local\Temp\zincite.log

      Filesize

      320B

      MD5

      88acb459609a541b919bc712ce09a25f

      SHA1

      e5169584f9c3185785d7b5063434ff26e1395ff9

      SHA256

      a8ddd6fe8f41a3da297d45051c03010fc80a18396dfe6caacc22cfa22fe2dcd5

      SHA512

      42399c841b475b647de214c63441957c03202cdfc37f9c6dc96a7091ebded113806ef7e804a951f3dac38ce75a208f6c07791be495d125639de5aea0edf8c13b

    • C:\Users\Admin\AppData\Local\Temp\zincite.log

      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    • C:\Windows\services.exe

      Filesize

      8KB

      MD5

      b0fe74719b1b647e2056641931907f4a

      SHA1

      e858c206d2d1542a79936cb00d85da853bfc95e2

      SHA256

      bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

      SHA512

      9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

    • memory/464-337-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-42-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-151-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-283-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-13-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-287-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-490-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-292-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/464-0-0x0000000000500000-0x0000000000510200-memory.dmp

      Filesize

      64KB

    • memory/872-38-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-26-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-152-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-293-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-338-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-36-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-31-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-43-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-24-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-288-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-491-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-19-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-14-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-284-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/872-6-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB