0534bd590fba16ba535feaa26babf7dd209ab721ade2c11ffbd26dd44712015a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mirc.exe
Size

2.7MB
MD5

880fcba90fad39cd0d778fb02af3fd5b
SHA1

acb94a207a732bd61e773f81cf54db92219d8b9d
SHA256

9cdd89d661ab70d0fe5daa7874ceef53b4af095be1aeb395d696a5f8cdffdc8c
SHA512

cfd3b8fe1eae43bec669438ee2b45e8f5ef9981a6dffefa42344dda9b094514431fa08ab35ea4b2c75ccba48c8306704a8bf575da4d128827299030c5a8ad717
SSDEEP

24576:hX+riBEs1i6Dw9ijYSOOFI+fj9s/2pHk5TTvV5WFAnY2lRARnoJYDhk134i28RSo:QhLHNIUYDhk19rHWchO3YIzLTm0E

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\Shell\open	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\ = "URL:IRC Protocol"	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\URL Protocol	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\DefaultIcon	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mirc.exe\" %1"	mirc.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\EditFlags = 02000000	mirc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mirc.exe\""	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\Shell\open\command	mirc.exe
Key created	\REGISTRY\USER\S-1-5-21-3642458265-1901903390-453309326-1000_Classes\irc\Shell	mirc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2184	mirc.exe
2184	mirc.exe
2184	mirc.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2184	mirc.exe
2184	mirc.exe
2184	mirc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2184	mirc.exe
2184	mirc.exe

C:\Users\Admin\AppData\Local\Temp\mirc.exe
"C:\Users\Admin\AppData\Local\Temp\mirc.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
1KB

MD5
3f21cc7809f37409cbed85890b719c54

SHA1
f7a8b4673dd2922e6c980406f5384f577b06f37f

SHA256
9b815c242b5a4c1227d9fab90376ab8812c1c455c30de14ac4ca5601d3690965

SHA512
dc2a1eb2dc52380684bf3972216c42eee5aa4585f86b1fb2216d1c0ab440d6a9486c349529e0ccbbeedc33c0128c298827a948e59a94e06f0343cc2d935eea12

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
2KB

MD5
ce9b6b317e93888ceac0b3b830fb58a2

SHA1
25005390e8f11e6354fa143b8933d0b54fa45985

SHA256
138c4b8e61e26f4d75493276931f83f8a370a07324fb140c7acf80011f336392

SHA512
6452f81c92ac0dca9abb9f13cf125c487fe81dda42642f30d33dab4ad7c07c0b73a3d46a2ab228fa9a0b26664eeeb76f60ed5e85c1eecab2d8df0eb8bf87d548

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
2KB

MD5
e874b97ecdd649c177b25cc796a8145a

SHA1
5ee687946fc3e99d96090ceea73e296db9125646

SHA256
89b3c1a44ee4c584d544c8b035fb06ec511eb7ef712e7e8ad10b290eed75d207

SHA512
096abe831788a70a6b9e053b39cf333d7e03a67ea26ba078529846514637f158d3dd4452ae4bed7580abf3716795b2aa9067bd83e410d94a3fd9976bbcf214a9

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
3KB

MD5
79edba2b716049239317c364896ff582

SHA1
1af47456a11a8b9e9e7d780852736d7ba11a9735

SHA256
185bd6b3469793a205c4a69e5b275efaf21b23af6eb7207211dffaecd7871d58

SHA512
64269497c68c9f7cec6dfd844514e9f2994d92815a5d166a95f618c4006eba203b550e5682b7700de079f0aa7d034346ffbb669d8fd94d6f7885ec7f0fcaa2e0

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\mirc.ini

Filesize
2KB

MD5
b110430d94ae2ec17a43e002e016fbbf

SHA1
9f729ba6a57f92d6507baf7cd4a98bea9030551d

SHA256
5e558a578440d27b742a229c15034c7719c866e58e82406f963158965af28909

SHA512
5ac968797a518f5ca0ee516e66e23190bd4b495e7cd1299120dbe6f67a695d9d527adcb1683693899325287f7b3343d00c41d92c968e5087cbfb843c7d976f44

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\scripts\popups.ini

Filesize
2KB

MD5
b0296bbe419ab0caddfb350da1685ac3

SHA1
daa5197833af120e5605b62e77327b5748700d1e

SHA256
a34cc155f5afc3a8986b0a00ada4993526366a9745ea13ba9944875315a31df8

SHA512
f78eee2f146cd583b6f6e16c2f840fad7f18ed217301607d0758166c199fe0db5ed3efac98ccac960c0237759754d859b6a282a935084c9dee538d15e01b16f5

Download Submit
C:\Users\Admin\AppData\Roaming\mIRC\servers.ini

Filesize
27KB

MD5
dee6e19beae5a62e1c80c85563eb1b44

SHA1
c263f33c6b6822717d73a6c001469bbed3bf5b16

SHA256
59b882bb6691167c5bc1cf242a65eeb3a94012d98f41c95c53721f42796c8c79

SHA512
3a1268805eae33265961c1f506c9b84e5d296052dae9d5e208931f2e72559f5cc582e5f8949b47e0c1140248f2e42d4425ccca994dea96a8be1abbb4239ef8c5

Download Submit