Overview
overview
6Static
static
3mircciOper...tor.js
windows7-x64
3mircciOper...tor.js
windows10-2004-x64
3mircciOper...rc.dll
windows7-x64
3mircciOper...rc.dll
windows10-2004-x64
3mircciOper...ood.js
windows7-x64
3mircciOper...ood.js
windows10-2004-x64
3mircciOper/mirc.exe
windows7-x64
6mircciOper/mirc.exe
windows10-2004-x64
6mircciOper/mp3.js
windows7-x64
3mircciOper/mp3.js
windows10-2004-x64
3mircciOper/script1.js
windows7-x64
3mircciOper/script1.js
windows10-2004-x64
3mircciOper...t10.js
windows7-x64
3mircciOper...t10.js
windows10-2004-x64
3mircciOper...ll.dll
windows7-x64
3mircciOper...ll.dll
windows10-2004-x64
3mircciOper...ots.js
windows7-x64
3mircciOper...ots.js
windows10-2004-x64
3mircciOper...ots.js
windows7-x64
3mircciOper...ots.js
windows10-2004-x64
3mircciOper/tbwin.dll
windows7-x64
3mircciOper/tbwin.dll
windows10-2004-x64
3mircciOper...RS.dll
windows7-x64
3mircciOper...RS.dll
windows10-2004-x64
3mircciOper...EN.dll
windows7-x64
3mircciOper...EN.dll
windows10-2004-x64
3mircciOper...DX.dll
windows7-x64
3mircciOper...DX.dll
windows10-2004-x64
3mircciOper...WS.dll
windows7-x64
3mircciOper...WS.dll
windows10-2004-x64
3mircciOper...ls.dll
windows7-x64
3mircciOper...ls.dll
windows10-2004-x64
3Analysis
-
max time kernel
139s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
20-08-2024 17:57
Static task
static1
Behavioral task
behavioral1
Sample
mircciOper/QueryAcceptor.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
mircciOper/QueryAcceptor.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
mircciOper/fp/airc.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral4
Sample
mircciOper/fp/airc.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
mircciOper/fp/flood.js
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral6
Sample
mircciOper/fp/flood.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
mircciOper/mirc.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
mircciOper/mirc.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
mircciOper/mp3.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral10
Sample
mircciOper/mp3.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
mircciOper/script1.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
mircciOper/script1.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
mircciOper/script10.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
mircciOper/script10.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
mircciOper/system/aircdll.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral16
Sample
mircciOper/system/aircdll.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
mircciOper/system/bots.js
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
mircciOper/system/bots.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
mircciOper/system/yedek_bots.js
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
mircciOper/system/yedek_bots.js
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
mircciOper/tbwin.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
mircciOper/tbwin.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
mircciOper/webview/BARS.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
mircciOper/webview/BARS.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
mircciOper/webview/CTL_GEN.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
mircciOper/webview/CTL_GEN.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
mircciOper/webview/MDX.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
mircciOper/webview/MDX.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
mircciOper/webview/VIEWS.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral30
Sample
mircciOper/webview/VIEWS.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
mircciOper/webview/kTools.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
mircciOper/webview/kTools.dll
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
mircciOper/mirc.exe
-
Size
1.9MB
-
MD5
d20dd1be97ee43da4e7efd0030af834f
-
SHA1
12f926bc76402a564e6cb49297651273ac742dd9
-
SHA256
96a27f0a8fe9566e230241cd7f06a43ee9be2adcf160df99626cd584b4806b3c
-
SHA512
0bc965e3290c817680a6374ed486462d30d439d4462929db5fad935aa481fde7e16063f7e450664ce47a90710d48a7a3268256ca97339c0307acc8427e20af94
-
SSDEEP
24576:vu171jcC5n7rnCr7idVXDyOf3yz4yr3sjOGDhwYnbwCM/6nfxJBUk/uzP5NCbi9e:AJzV6ZqbwCMifxJBuv6X7CKT
Malware Config
Signatures
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mirc.exe -
Modifies registry class 40 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ifexec\ = "%1" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mircciOper\\mirc.exe\"" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\ = "URL:IRC Protocol" mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\DefaultIcon mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\ifexec mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.chat mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mircciOper\\mirc.exe\" -noconnect" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\URL Protocol mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irc mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.cha mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic\ = "Connect" mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Application mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.chat\ = "ChatFile" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec\ = "%1" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\ = "Chat File" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon mirc.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\EditFlags = 02000000 mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mircciOper\\mirc.exe\"" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cha\ = "ChatFile" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ = "%1" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application\ = "mIRC" mirc.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\Shell\open\ddeexec\Topic mirc.exe Key created \REGISTRY\MACHINE\Software\Classes\irc\Shell\open\command mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\mircciOper\\mirc.exe\" -noconnect" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\ = "%1" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Application\ = "mIRC" mirc.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\irc\Shell\open\ddeexec\Topic\ = "Connect" mirc.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2524 mirc.exe 2524 mirc.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5KB
MD564862ae4967c286dc7bd3d2e6cebf79f
SHA19a16dd6e39333ad732ebaf222d6114684d7bcf8a
SHA25679cf5d00247d45fc465f7911be37521782732ce56428f293619dcb7f3e45d063
SHA512e74a62d2768226d3a7079cc7554cf3333a090473e0bb29197927c15118375c43fb1d86896620c4ff668bf6b16d6b99107d9491dcc991c208d2da6f3f1da15bfb