73ed8e7786da9b099e869fb6c8ac19dd3c223a8fb7d577b8f8be364b641da13b

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
submitted
25-11-2024 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FILE_InstallMeAny.exe

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2432-0-0x0000000000DE0000-0x0000000001225000-memory.dmp	upx
behavioral1/memory/2432-274-0x0000000000DE0000-0x0000000001225000-memory.dmp	upx
behavioral1/memory/2432-819-0x0000000000DE0000-0x0000000001225000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FILE_InstallMeAny.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	FILE_InstallMeAny.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	FILE_InstallMeAny.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	FILE_InstallMeAny.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2432	FILE_InstallMeAny.exe
2432	FILE_InstallMeAny.exe
2432	FILE_InstallMeAny.exe
2432	FILE_InstallMeAny.exe

C:\Users\Admin\AppData\Local\Temp\FILE_InstallMeAny.exe
"C:\Users\Admin\AppData\Local\Temp\FILE_InstallMeAny.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5f136b57df52d688137949ba974687f

SHA1
b4656a88c64d6c94e4bf45c5403f5314fac8cb6d

SHA256
df7dd0eebe55c4b40ec9db258cfbd6e0116f34f1f041adf4552de65ff60597de

SHA512
fe6bc1eaeed5174e22d5bbf0c8d4b5688cd60ed91984cf5e19817f77550a849fe9124fc4cc8ca54712234ff149e22e92d71764fdd788d39b70e601f3526c2e02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfa61c716324a03f391bddc67c3e2d1b

SHA1
e8774424176c03ad658732b56c7a615950b452cb

SHA256
3fc7f10a0b8520093c03707f4a8a576d53bf0d3cbca176f70b322cec383e52d0

SHA512
96fc285b29712f1d21eb9a110e01d94cd6cf265a9437766c4fc31867c9104c189f4d95b7a654b16fa274024d5ae380f62551dfe9af56259b11e52fa46d405cf4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8fe17ee5203c329294e742cacf86e18

SHA1
dcf87c11eace49753e379fc70d56e458e3a8981f

SHA256
a77ff2fbeaad87e0e5efeae02ba96774e93da2a11a707f9113f1733c607e0a96

SHA512
afddf002e383d16ff9505e8c118591f69d0663ff61d9d2df7cffcf52b894675f9618a43eca68c8fdb835e851bb2e7df939a1c3cf6d2aed80153d30f6872af31f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eee83420e34e1996465f7840de5bddb

SHA1
6c74477322a60ade37e4fbfb852e5ffa843b480d

SHA256
376da3ae1782d8ba3fb5691e63054d8656fa117ceee6d7cf2ace5b7d89207b8b

SHA512
1e8e8f37f8c0a87f3a4151b8c20de6d1a92d608717ad59ec26161eff9041048a71c111ae263c8a943f3a4ce6d32c88f3d8c2cb402c12602b9693ef6964a16e6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1edd9dd62ad7c40555c4abba879ded6

SHA1
7775a89f97ddc1717579a582a5ee9fa44a8bd2c3

SHA256
87f166bfdc4197e3053c81b2ddaec23a1691457cd777664dc550ab084ca54edf

SHA512
13df2d91a53e5531cc17f4bf2e1f185c3f5a874314387f8025b6eca6aede1fcbb68d16c3d9abbdcb261e4465be804d13f8b832e6d7430332a010dfad57fd67c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcc370cd54d671e179491f94f7acec64

SHA1
a17e89c45b41d8f114efaa10e9c871a71984aebe

SHA256
2b4e1138ddd396c88a5618da707ecbf916996d1787c900a653ef01338ea053bb

SHA512
09942744be8cb33a6ff1f03ff17ddac2b466c0f6d5263fb0c9bd8c901bea77e94e1eadd4907243f578ebd2349e8ee6c56ca6e8f385aa0fa32250aed32bb78758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9663e1cd98b6c7c129c3a2fb86473efb

SHA1
0d7def8f4fd08e8868590f14d9f0f78b36cb88cf

SHA256
16fa31b54a6666fe9c76a4ed506ed701a76a6f73ffdb71c34c31b34f0d74bef0

SHA512
a371e6b652ef3417d92eef990fb764773bdb397faf64ada359e82c78da47ca7823075b94db2b79a882909c4dae7895348845355e5b6286fd774250ee3615814a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9ddfe014918274992fe9be13ab7006d

SHA1
35aa197d3436c18e6eefa5a97aa03311e2cb380e

SHA256
45eb6d9d6348a26de676e947f19aa3558596626e8a706abdaa7b2c5df2cbf809

SHA512
44fc70fdc8b2e83aad2f272295b807e5cbbfd3291fc309a78094d446728a0eea5433ee958b7effb5090d8fc8ef93a7a9e078c69bf8883ea0d6d0aee1d65c5921

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA7C6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA7F8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2432-274-0x0000000000DE0000-0x0000000001225000-memory.dmp

Filesize
4.3MB

Download
memory/2432-0-0x0000000000DE0000-0x0000000001225000-memory.dmp

Filesize
4.3MB

Download
memory/2432-819-0x0000000000DE0000-0x0000000001225000-memory.dmp

Filesize
4.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads