Analysis

  • max time kernel
    153s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-05-2024 18:47

General

  • Target
    0d294b7c8870d93d62545648ae64d0090bf7899907952b4d0513975a165330f0.exe
  • Size
    29KB
  • MD5
    e66c40554e68230d9ccabda317e35fc4
  • SHA1
    f45d915705ecdc01a2c3bc08301d937f4df95ca8
  • SHA256
    0d294b7c8870d93d62545648ae64d0090bf7899907952b4d0513975a165330f0
  • SHA512
    3e1d52bc7a3ad5bbb030b6d4d1ce0c8fe33b2b0daf0fefe66db693efbab2384a155a97bc0da993a4ffe154da494aad4186421cb6628e98c514a8d33b1dcbe75e
  • SSDEEP
    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9//:AEwVs+0jNDY1qi/qH

Malware Config

Signatures

  • Detected microsoft outlook phishing page
  • Executes dropped EXE 1 IoCs
  • UPX packed file 27 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d294b7c8870d93d62545648ae64d0090bf7899907952b4d0513975a165330f0.exe
    "C:\Users\Admin\AppData\Local\Temp\0d294b7c8870d93d62545648ae64d0090bf7899907952b4d0513975a165330f0.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4776
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:1128

Network

MITRE ATT&CK Enterprise v15

Downloads
