a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d

General

Target

a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe
Size

6.0MB
MD5

44001ca5dbf7008c4bad89afe27b013a
SHA1

b0360c0ce7fabb69d97feab27eb7f4e2fcb43bf1
SHA256

a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d
SHA512

697b40e63b3424e91f1b558bf0c90136c6ff501ec75dc924a38cfce3e044f5e5b50c1d0529b644470100e8a8e04f66fe74933380b10ef158327d6e05543427fe
SSDEEP

49152:iYiE1jCUm+cgBmvhGcB/xEuXbSoN7nNs3kukOhAyGWv4uAJ+s8KuqGaX0ToIBAUW:ViE1j1mgBmJh/3LSoFeG0VJBAUZLs

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1480-55-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-56-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-59-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-61-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-63-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-65-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-67-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-69-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-71-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-73-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-77-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-79-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-81-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-83-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-87-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-89-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-91-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-95-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-97-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-93-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-85-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-75-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-57-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1480-98-0x0000000010000000-0x000000001003F000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1480	a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1480	a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe
1480	a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe
1480	a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe
1480	a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe

C:\Users\Admin\AppData\Local\Temp\a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe
"C:\Users\Admin\AppData\Local\Temp\a01c7b5a490566ea8904df28200e1dac25bb33cd20cae959fe24dbd23cdb506d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1480-54-0x0000000076201000-0x0000000076203000-memory.dmp

Filesize
8KB

Download
memory/1480-55-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-56-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-59-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-61-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-63-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-65-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-67-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-69-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-71-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-73-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-77-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-79-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-81-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-83-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-87-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-89-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-91-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-95-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-97-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-93-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-85-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-75-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-57-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1480-98-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing