Overview

overview

7

Static

static

3

5b3e5a4a76...18.exe

windows7-x64

7

5b3e5a4a76...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/LogEx.dll

windows7-x64

3

$PLUGINSDIR/LogEx.dll

windows10-2004-x64

3

$PLUGINSDI...rt.dll

windows7-x64

3

$PLUGINSDI...rt.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/IcqI...up.exe

windows7-x64

7

$TEMP/IcqI...up.exe

windows10-2004-x64

7

Flash10c.dll

windows7-x64

1

Flash10c.dll

windows10-2004-x64

1

FlashPlaye...ol.dll

windows7-x64

1

FlashPlaye...ol.dll

windows10-2004-x64

1

ICQ.exe

windows7-x64

3

ICQ.exe

windows10-2004-x64

3

IcqUpdater.exe

windows7-x64

3

IcqUpdater.exe

windows10-2004-x64

3

MBContainer.dll

windows7-x64

1

MBContainer.dll

windows10-2004-x64

1

MCompressLib.dll

windows7-x64

3

MCompressLib.dll

windows10-2004-x64

3

MCore.dll

windows7-x64

1

MCore.dll

windows10-2004-x64

1

MCoreLib.dll

windows7-x64

3

MCoreLib.dll

windows10-2004-x64

3

MDb.dll

windows7-x64

1

MDb.dll

windows10-2004-x64

1

MFacebook.dll

windows7-x64

1

MFacebook.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    139s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 08:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IcqUpdater.exe

  • Size

    78KB

  • MD5

    45a7dc82d6914024e6bc0b9f35a7ff47

  • SHA1

    91ef4ce6bf687a56fd01fff34fcc0a2c94e0574c

  • SHA256

    a27dc336190955445785b1611a20b42492bef29573e67b36a15df3917f967337

  • SHA512

    0e88d78e683fe1b96aad44d7c3029ed54a1866b8c727cbfb2e88e354894847f378b8c297b4d7f7b8f71a1fadc8852a1ce7c373e8065f6f15dd33d8e046a70da4

  • SSDEEP

    1536:8tqy/tCwz6WKHRwmUIoY7XPTKFxgeoz8VVET68:XYtj0bmF2eoz8bETl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IcqUpdater.exe
    "C:\Users\Admin\AppData\Local\Temp\IcqUpdater.exe"
    1⤵
    • Modifies registry class
    PID:3376
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1484

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads