f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914

Analysis

max time kernel
8s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 23:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
Size

1021KB
MD5

0afdd7b669ea2e28325e7c13cbde5ed0
SHA1

ede63800ba493a2d53dc8f5725ccfd28f6064485
SHA256

f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914
SHA512

21ed0bd0d602f73f4f945bdad2a3708fdcf5d819db96865fb154f658baea359e39542dc282ed727766c74b2599cebe1e341592096d7205de1e6cc2633d708b9a
SSDEEP

24576:/WLaIsYTqLqVcw+QNAjOLc3FTo8TVi4QkdixG:/b9YGzw+OAKgf3QG

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4736-132-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/3404-141-0x0000000000400000-0x0000000000646000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4736 set thread context of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 4388	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	37
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3192	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	36
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35
PID 4736 wrote to memory of 3404	4736	f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe	35

C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
"C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:3404
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:3192
- C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  C:\Users\Admin\AppData\Local\Temp\f53d400db75af95e7026b9d12158ccfce4ca4378c034dded9c6f9093b3f6e914.exe
  2⤵
  PID:4388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3404-139-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-136-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-140-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-141-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/3404-142-0x0000000000400000-0x0000000000646000-memory.dmp

Filesize
2.3MB

Download
memory/4736-132-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4736-138-0x0000000000540000-0x0000000000544000-memory.dmp

Filesize
16KB

Download