0534bd590fba16ba535feaa26babf7dd209ab721ade2c11ffbd26dd44712015a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 11:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

mirc.exe
Size

2.7MB
MD5

880fcba90fad39cd0d778fb02af3fd5b
SHA1

acb94a207a732bd61e773f81cf54db92219d8b9d
SHA256

9cdd89d661ab70d0fe5daa7874ceef53b4af095be1aeb395d696a5f8cdffdc8c
SHA512

cfd3b8fe1eae43bec669438ee2b45e8f5ef9981a6dffefa42344dda9b094514431fa08ab35ea4b2c75ccba48c8306704a8bf575da4d128827299030c5a8ad717
SSDEEP

24576:hX+riBEs1i6Dw9ijYSOOFI+fj9s/2pHk5TTvV5WFAnY2lRARnoJYDhk134i28RSo:QhLHNIUYDhk19rHWchO3YIzLTm0E

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\ = "URL:IRC Protocol"	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\DefaultIcon	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mirc.exe\""	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\Shell\open	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mirc.exe\" %1"	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc	mirc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\EditFlags = 02000000	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\URL Protocol	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\Shell\open\command	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000_CLASSES\irc\Shell	mirc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2000	mirc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2000	mirc.exe
2000	mirc.exe
2000	mirc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2000	mirc.exe
2000	mirc.exe
2000	mirc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2000	mirc.exe
2000	mirc.exe

C:\Users\Admin\AppData\Local\Temp\mirc.exe
"C:\Users\Admin\AppData\Local\Temp\mirc.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
2KB

MD5
b110430d94ae2ec17a43e002e016fbbf

SHA1
9f729ba6a57f92d6507baf7cd4a98bea9030551d

SHA256
5e558a578440d27b742a229c15034c7719c866e58e82406f963158965af28909

SHA512
5ac968797a518f5ca0ee516e66e23190bd4b495e7cd1299120dbe6f67a695d9d527adcb1683693899325287f7b3343d00c41d92c968e5087cbfb843c7d976f44

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
1KB

MD5
3f21cc7809f37409cbed85890b719c54

SHA1
f7a8b4673dd2922e6c980406f5384f577b06f37f

SHA256
9b815c242b5a4c1227d9fab90376ab8812c1c455c30de14ac4ca5601d3690965

SHA512
dc2a1eb2dc52380684bf3972216c42eee5aa4585f86b1fb2216d1c0ab440d6a9486c349529e0ccbbeedc33c0128c298827a948e59a94e06f0343cc2d935eea12

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
2KB

MD5
e874b97ecdd649c177b25cc796a8145a

SHA1
5ee687946fc3e99d96090ceea73e296db9125646

SHA256
89b3c1a44ee4c584d544c8b035fb06ec511eb7ef712e7e8ad10b290eed75d207

SHA512
096abe831788a70a6b9e053b39cf333d7e03a67ea26ba078529846514637f158d3dd4452ae4bed7580abf3716795b2aa9067bd83e410d94a3fd9976bbcf214a9

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
3KB

MD5
e6c70e0a535a67464c2ba7e9543a46bd

SHA1
69f4f3cdf71ceafa7364e6879bb01abd7e5506a1

SHA256
a6ba948192131e96d78492707746821ae00f4e1982edc7a9c9e2d4942dea555f

SHA512
bc3ad4ffaee26421cd7aa837102075b1770bedc67218f151142d56c927c31c213c04abec341dcda0a8171495f8289f831610524fb2469b2e9220f4793673c4c1

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
3KB

MD5
e03c875689ef53c6c2437daccc485576

SHA1
deb83f98281ce8c74a0284fbfa6325acb22d9ffd

SHA256
143c672690ba0ad7c1a3d656d67815136b81af949fbbd22bfa76d28636215148

SHA512
98ed6034df3757cb10b3101d284a030d4666b87d4f00c7d5414fa2ae5b16d7f045b61f0fa1add9ffb93933a5ed58d2e0331e6c0b0c7611bf76cd15b8d840cc16

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
3KB

MD5
79edba2b716049239317c364896ff582

SHA1
1af47456a11a8b9e9e7d780852736d7ba11a9735

SHA256
185bd6b3469793a205c4a69e5b275efaf21b23af6eb7207211dffaecd7871d58

SHA512
64269497c68c9f7cec6dfd844514e9f2994d92815a5d166a95f618c4006eba203b550e5682b7700de079f0aa7d034346ffbb669d8fd94d6f7885ec7f0fcaa2e0

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
1KB

MD5
f3262c7299e8e403318996d3bd2b11a9

SHA1
2045b0c920b9eb200204fe13f2fa10b837d740a6

SHA256
a20de20799389e0ac163344858977bc0d6d86962996766fea839cf072de46681

SHA512
f4887fa7e6e7051a93e7d2464e2cb9fe3a916b5703034a1a47d4ea96c341bec53d7b3e8b3cb07cd94fdca8f9d44ea3a3c2d695114946810b5df5fbefb4ccbf2e

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\scripts\popups.ini

Filesize
2KB

MD5
b0296bbe419ab0caddfb350da1685ac3

SHA1
daa5197833af120e5605b62e77327b5748700d1e

SHA256
a34cc155f5afc3a8986b0a00ada4993526366a9745ea13ba9944875315a31df8

SHA512
f78eee2f146cd583b6f6e16c2f840fad7f18ed217301607d0758166c199fe0db5ed3efac98ccac960c0237759754d859b6a282a935084c9dee538d15e01b16f5

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\servers.ini

Filesize
27KB

MD5
dee6e19beae5a62e1c80c85563eb1b44

SHA1
c263f33c6b6822717d73a6c001469bbed3bf5b16

SHA256
59b882bb6691167c5bc1cf242a65eeb3a94012d98f41c95c53721f42796c8c79

SHA512
3a1268805eae33265961c1f506c9b84e5d296052dae9d5e208931f2e72559f5cc582e5f8949b47e0c1140248f2e42d4425ccca994dea96a8be1abbb4239ef8c5

Download Submit