f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914

Analysis

max time kernel
8s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 23:13 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
Size

1021KB
MD5

0afdd7b669ea2e28325e7c13cbde5ed0
SHA1

ede63800ba493a2d53dc8f5725ccfd28f6064485
SHA256

f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914
SHA512

21ed0bd0d602f73f4f945bdad2a3708fdcf5d819db96865fb154f658baea359e39542dc282ed727766c74b2599cebe1e341592096d7205de1e6cc2633d708b9a
SSDEEP

24576:/WLaIsYTqLqVcw+QNAjOLc3FTo8TVi4QkdixG:/b9YGzw+OAKgf3QG

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4736-132-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3404-141-0x0000000000400000-0x0000000000646000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4736 set thread context of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35

C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
"C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:3404
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:3192
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:4388

Network

DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR

Response
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR
DNS

164.2.77.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

164.2.77.40.in-addr.arpa

IN PTR

209.197.3.8:80

52 B
1
209.197.3.8:80

260 B
5
93.184.220.29:80

322 B
7
93.184.220.29:80

322 B
7
93.184.220.29:80

260 B
5
78.27.130.153:80

52 B
1
91.228.12.156:80

190 B
92 B
4
2
211.135.56.156:80

52 B
1
77.121.186.162:80

52 B
1
176.104.172.163:80

52 B
1
91.228.12.156:80

208 B
4
8.253.225.254:80

322 B
7
8.253.225.254:80

322 B
7
5.178.198.205:80

260 B
5
31.202.200.205:80

260 B
5
77.122.179.206:80

260 B
5
190.189.147.214:80

260 B
5
178.74.246.221:80

260 B
5
85.17.31.111:80

260 B
5
79.120.247.116:80

260 B
5
5.105.31.117:80

260 B
5
188.247.104.118:80

260 B
5
141.170.234.120:80

260 B
5
186.115.146.227:80

260 B
5
83.166.221.233:80

260 B
5
125.15.18.236:80

260 B
5
77.122.172.240:80

260 B
5
178.137.222.247:80

260 B
5
209.197.3.8:80

322 B
7
78.84.22.12:80

52 B
1
89.37.68.13:80

144 B
92 B
3
2
176.37.119.19:80

52 B
1
94.76.78.20:80

52 B
1
109.87.199.28:80

52 B
1
89.37.68.13:80

http

1.7kB
52 B
10
1

8.8.8.8:53

164.2.77.40.in-addr.arpa

dns

350 B
144 B
5
1

DNS Request

164.2.77.40.in-addr.arpa

DNS Request

164.2.77.40.in-addr.arpa

DNS Request

164.2.77.40.in-addr.arpa

DNS Request

164.2.77.40.in-addr.arpa

DNS Request

164.2.77.40.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3404-139-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-136-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-140-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-141-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-142-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/4736-132-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4736-138-0x0000000000540000-0x0000000000544000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.