1743c09774c8aa85ea6463bf48def681e4ccf13660620e7378ecd9df6c33169b

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fish-v327-0221/Fish.exe
Size

3.5MB
MD5

b1473586f0b34e267f0a483598b411ae
SHA1

26765d55f69589b047a7cecd8ecf884531c4e046
SHA256

039b7a53462c5ae6f10239b084e94eb18eed31c82dcbfeea9c616a0de0836fba
SHA512

7ddf835823666d2307f34b7f95bfb5168049392ae1fe7ceec088960d1382be8864dfad728ed91b1b3773bdef86e14341bcc8be08905f42cffd7a1eb6d3525dad
SSDEEP

49152:zzsR1DavkiXpsQVFRR1TbZ1SNa6NRd5DD/DDD/DiTkK:01DavnZsQVFRkNTpD/DDD/D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main	Fish.exe
Key created	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU	Fish.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	Fish.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	Fish.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	Fish.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	Fish.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2016	Fish.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2016	Fish.exe
2016	Fish.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2016	Fish.exe
2016	Fish.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2016	Fish.exe
2016	Fish.exe
2016	Fish.exe
2016	Fish.exe

C:\Users\Admin\AppData\Local\Temp\Fish-v327-0221\Fish.exe
"C:\Users\Admin\AppData\Local\Temp\Fish-v327-0221\Fish.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Fish-v327-0221\kini\tkcfg.ini

Filesize
484B

MD5
d541adc556d29750c6e21f6f1e039d8d

SHA1
d1a89e895391cbd60c88396e63975be232e023e9

SHA256
a2e669ebed972d73724e2d396153a7153471b3717824dfc2987f4698ad13804d

SHA512
2651db7d2073afdbe465b7ed5ad2c282357afe4ce92401db2ea58c5556b487cf11ab507cc504a0c44b571c4010da66d236730db8d30c2f8c3f7f81d0a6f8a07f

Download Submit