0534bd590fba16ba535feaa26babf7dd209ab721ade2c11ffbd26dd44712015a

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 11:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/mirc632.exe
Size

1.6MB
MD5

7d7b3d9e516b27c38d1f320a8a70315a
SHA1

d5a5731edf9b9da888418248284e904e9c47a008
SHA256

ca8002ef56a72e454b638ce4d43eafddeeefb84d8b9c88ef251ed622a7ba18ab
SHA512

f73df64a3a8ded18cd2774ae251eacddbddc59d3f1f7b86936e67a2bc6744a70346dd0a0fb7e3d8b53ca72c4455e85350512c083a62e2f4b62e2e6e162cba60b
SSDEEP

49152:PEM1fS5ddxStuE1FOmLSQl22rA0KH+ps0lN0i:PE+K3SsEnTLVY2rAopTlNn

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 6 IoCs

pid	Process
2072	mirc632.exe
2072	mirc632.exe
2072	mirc632.exe
2072	mirc632.exe
2072	mirc632.exe
2072	mirc632.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mirc632.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2072	mirc632.exe

C:\Users\Admin\AppData\Local\Temp\$TEMP\mirc632.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\mirc632.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: GetForegroundWindowSpam
PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\ioSpecial.ini

Filesize
686B

MD5
4a42b0d53eb5e2620a0d39beef00e70e

SHA1
d90fef25416c6432b7b4857ec2deb5b107c2f570

SHA256
e22d22c21b2a33f9fb42b6da58d88fded381f33bafa8c14d95fae1b4fdeaeb19

SHA512
3522e8c8bfdd0ada4339ffb86fc98be1e38f3207e5729e4633f4c27b7a3047413df2f9d09721b2081e74154b45162ce29f32f9fe15d738f16344411a5c5260dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\ioSpecial.ini

Filesize
725B

MD5
3a1872f0829804eff7193eddc730d31c

SHA1
efb3b4429eaad7085cd0f8157a2110a53e6241e0

SHA256
fa219d0ae4f13154a2349cd2cb4aec8f1a954bd5419eeba072f627cf977b48c3

SHA512
fa4135c4bb58405ca32980004ccf79538ddf2d3fa00335238b5282ef8a6464cc886d5ba5848b006d2b4d47d20b1adfcc1d887dd5d3878765687347b4c24a3d45

Download Submit
\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\AccessControl.dll

Filesize
9KB

MD5
ac426cc4fb1fd52e45333a26d0c0c173

SHA1
aefeb4520503670ec19043f30b52515515bddaca

SHA256
dcd93abe74c1b1191dce90b5764bb9acba1e5d17845ebc26a016ff888c14c1a8

SHA512
1e959012d70c5ca52853b5ffe9032aac1b2569c6875274e494fc9692654eb1c9ebf2d34f2aa8fe99b0a870c00d937826c36c1c4073c9cb53cb1c7697514b897d

Download Submit
\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\InstallOptions.dll

Filesize
14KB

MD5
3809b1424d53ccb427c88cabab8b5f94

SHA1
bc74d911216f32a9ca05c0d9b61a2aecfc0d1c0e

SHA256
426efd56da4014f12ec8ee2e268f86b848bbca776333d55482cb3eb71c744088

SHA512
626a1c5edd86a71579e42bac8df479184515e6796fa21cb4fad6731bb775641d25f8eb8e86b939b9db9099453e85c572c9ea7897339a3879a1b672bc9226fcee

Download Submit
\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\System.dll

Filesize
10KB

MD5
32465a07028b927b22c38e642c2cb836

SHA1
309cac412b2ecf6a36f6e989c828afcdd8c7a6e4

SHA256
eda545d4dcb37098a90fce9692d5094bb56897f04eff6d40e3dedd122a4d1292

SHA512
9d886a722bbbb5d8d77e97d256057fe685f1932042257a8382e13548fe835d01c64de65e2b5ad2c2ff99692b14c924e6ddb84797f6224f1772e8699b421e6aff

Download Submit
\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\UAC.dll

Filesize
14KB

MD5
b7d7324f2128531c9777d837516b65a6

SHA1
e15e44fc7c907329e1cd3985e8666b4332f4fa48

SHA256
530dc2b26366fc86072487438317a5723a10ff8b38522f9e813df19146a31033

SHA512
829fc241cd377de094faf80bb38828c3d877170ca4a3fd85810bc911d2ce38941f8067ef681c21d8bbc04be8a99a3d32b3aec51ae7b32d3a89e5a9d9597ed8d5

Download Submit
\Users\Admin\AppData\Local\Temp\nstF6CF.tmp\mIRC.dll

Filesize
30KB

MD5
8423ec692d326f92dfa7db57f977d315

SHA1
65fd701692fab6dfe24ba0fa2b29e474b6f5da56

SHA256
0d1218f43e2b5b0d4e052918b5193e7e050bb9f0a9bfc39f7395276b8399b50e

SHA512
fbb0f057dc192362584efbbb5e0c9c6fa56584580b3190aba83017905a50b9b3f54aa535281eac34f4a07538a4ddee822d974cb512b4afe28e15b504376102fd

Download Submit