4df448b9c01fb42bdf6482f214bdb005a27396206c8b81a40bc63782c2404eca

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2024, 14:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ExeFile (200).exe
Size

777KB
MD5

f5d9021bf02680122ef5de324eb173b2
SHA1

e69e5676df042c1c54d9167d43646d5a89e4384c
SHA256

4df448b9c01fb42bdf6482f214bdb005a27396206c8b81a40bc63782c2404eca
SHA512

2245761ffeffbf90d321b74684a25bf75c73e16594806c14b81a2afb9605e358f5b3a5d7ddd177fb5deb207cc29e065381a4cb15bb95b798ef48b5d321693450
SSDEEP

24576:fEifyPr6VykH1rBM6B8pfrCeG01qPx1q90i8dcE3b:f5y8JpBQ+eWyocI

Score

7^/10

discovery spyware stealer upx

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2768-0-0x0000000000A30000-0x0000000000BED000-memory.dmp	upx
behavioral2/memory/2768-204-0x0000000000A30000-0x0000000000BED000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ExeFile (200).exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	ExeFile (200).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	ExeFile (200).exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\IESettingSync	ExeFile (200).exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	ExeFile (200).exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2768	ExeFile (200).exe
2768	ExeFile (200).exe
2768	ExeFile (200).exe
2768	ExeFile (200).exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2768	ExeFile (200).exe
2768	ExeFile (200).exe

C:\Users\Admin\AppData\Local\Temp\ExeFile (200).exe
"C:\Users\Admin\AppData\Local\Temp\ExeFile (200).exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\mediaget-logo.png

Filesize
14KB

MD5
a27c51e0821ff975c33c70578bbe1d97

SHA1
e067c98ec18da0264209247a898958334778ddfc

SHA256
29ebd96d14dee8e335a674bf093af7abfd1cbd931b3277516fbcd037366d1344

SHA512
4ecfd3ce91179fd6e59c8fa97322ef36a46c773fd608577343d96c97492d39f6da42e7926c67883a3c48782a5293d1fa71d043380acc0d8a41538241f1ed0395

Download Submit
C:\Users\Admin\AppData\Local\Temp\mediaget-installer-tmp\preloader.html

Filesize
352B

MD5
3e2a88c55776a6118c91b8b11d5211a3

SHA1
e42024445c7859365c52c305b08b50152bd1e256

SHA256
57b689d69089b3de9be51928fe6c9a08664f986bc68ebabbb886bf3c26b1ec03

SHA512
706232d6c903955385ab95248e46bf293ed457aaf56b4095b023c782892d5a702b1da1e69f3de8fa81a9140d1e0f90c0dfca5f7d28071da3e3318dbba9477f26

Download Submit
memory/2768-0-0x0000000000A30000-0x0000000000BED000-memory.dmp

Filesize
1.7MB

Download
memory/2768-1-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/2768-204-0x0000000000A30000-0x0000000000BED000-memory.dmp

Filesize
1.7MB

Download
memory/2768-206-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download