Overview

overview

7

Static

static

7

6eecf14d8c...0N.exe

windows7-x64

7

6eecf14d8c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    110s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 07:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6eecf14d8cf7239930a36968a001ba40N.exe

  • Size

    8KB

  • MD5

    6eecf14d8cf7239930a36968a001ba40

  • SHA1

    f4f112cc84e4b32f472c0d636b90187bb7018e3d

  • SHA256

    9bf8efd0ba49ebcc3feda7ae96cdd4e66dca1bb30ce4a86da38e20125d234fe4

  • SHA512

    bcaf9f8dd7c7b405383ccc52e6c299aaed683357e60cee4cf8c4f219fd09df02b28fec363afc6ca25d40bf4c5c75abb7dfbba581a0b8f334b561145ad21da653

  • SSDEEP

    192:oRS6OfuEVIJoIH5FyRXNpADq9N9COOT9Ehb:oEp7IJoIZqXHASN9RdR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6eecf14d8cf7239930a36968a001ba40N.exe
    "C:\Users\Admin\AppData\Local\Temp\6eecf14d8cf7239930a36968a001ba40N.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3472
    • C:\Windows\SysWOW64\regedit.exe
      regedit /s C:\reg.reg
      2⤵
      • Modifies Internet Explorer settings
      • Modifies Internet Explorer start page
      • Runs .reg file with regedit
      PID:3684

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\Desktop\Internet Explorer.url
          Filesize

          236B

          MD5

          e14dfaa28175f4210e37e105e304a83c

          SHA1

          95007bb7b2dd38ef872939051376e55732fcac23

          SHA256

          d5741485bde211744f09912169bcef005fe42f00fb1de8fcf13ddfcf6dc8a130

          SHA512

          b357e84e424f4fb39af93b63a7142efc8e440eb7e9e079ada0db55d04d8633664610a0d513f3a8b727aa0a80cfe970db4951b8f1a4b8e28726c24a0928aa7688

          Download Submit

        • C:\reg.reg
          Filesize

          1KB

          MD5

          70927dc19dfccddf467d1b06ef1600ff

          SHA1

          81cb9e2f617fec86023f56f85a11087288716337

          SHA256

          eceb4f97bc8e53f71a708f7b0dab70bfd9ffe3b042243d26bba543cfd0ff876f

          SHA512

          56a07fca63cbeac0dbfa70948574667f2101e78583b23bcded4b42aedce9e3123582a4ce36f01741282d0d3518fa22f5009192ec6e98fa1d922e4fa55e25c1f2

          Download Submit

        • memory/3472-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/3472-24-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download