f11246633416d282b130e0f592ed50c9514bc6d2cf80e73d53daa26d477281a1

Analysis

max time kernel
25s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 03:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f11246633416d282b130e0f592ed50c9514bc6d2cf80e73d53daa26d477281a1.exe
Size

255KB
MD5

cc7af66cbf75ec24dfd790cb33743f81
SHA1

47dbb042e55dc2bc1ab2f6236cd2644e23d5f1e7
SHA256

f11246633416d282b130e0f592ed50c9514bc6d2cf80e73d53daa26d477281a1
SHA512

045753b5af1660ce7afe898da9af9dc0fef8e2e9c7f401f5b4a85326f4a376a691fb66e8c246b40ac0880735351a5d33dfa667519db888f9d96448fad0a66c48
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJB:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIQ

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3516-132-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/files/0x000a000000022def-134.dat	upx
behavioral2/files/0x0006000000022e06-144.dat	upx
behavioral2/files/0x0006000000022e06-143.dat	upx
behavioral2/files/0x0006000000022e05-141.dat	upx
behavioral2/files/0x0006000000022e05-140.dat	upx
behavioral2/files/0x000b000000022dfb-138.dat	upx
behavioral2/files/0x000b000000022dfb-137.dat	upx
behavioral2/memory/4280-147-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/memory/512-151-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/memory/4980-150-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/memory/3516-153-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/memory/4912-149-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/memory/4300-148-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral2/files/0x0006000000022e05-146.dat	upx
behavioral2/files/0x000a000000022def-135.dat	upx
behavioral2/files/0x0006000000022e07-155.dat	upx
behavioral2/files/0x0002000000009ded-154.dat	upx

C:\Users\Admin\AppData\Local\Temp\f11246633416d282b130e0f592ed50c9514bc6d2cf80e73d53daa26d477281a1.exe
"C:\Users\Admin\AppData\Local\Temp\f11246633416d282b130e0f592ed50c9514bc6d2cf80e73d53daa26d477281a1.exe"
1⤵
PID:3516
- C:\Windows\SysWOW64\mxbzxgoaoctvy.exe
  mxbzxgoaoctvy.exe
  2⤵
  PID:4980
- C:\Windows\SysWOW64\ucheytoe.exe
  ucheytoe.exe
  2⤵
  PID:4912
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
  2⤵
  PID:2980
- C:\Windows\SysWOW64\hhjnydqnvlivyyv.exe
  hhjnydqnvlivyyv.exe
  2⤵
  PID:4300
- C:\Windows\SysWOW64\mcznotjcti.exe
  mcznotjcti.exe
  2⤵
  PID:4280

C:\Windows\SysWOW64\ucheytoe.exe
C:\Windows\system32\ucheytoe.exe
1⤵
PID:512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe

Filesize
30KB

MD5
aac5415fad1ec1d31115bb2b1c119d01

SHA1
06ac9fab28215ddf9bb5a36c3a776f386eb276be

SHA256
0588144a1f0c1ff59e9c0a28f88187a2c1bd4343114dfa34cc7939a9fc325d43

SHA512
0b2b5339acba2007eebae44ff2e1217664e7b35b2d89d287b25445f2aa1588184244fafa924dfc2c623c24bf6cea2b8f9e1e4cbf07ea0fe3222dfdb92a2f5cc7

Download Submit
C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe

Filesize
16KB

MD5
3e2960232035c2c58086cd9c6439ed38

SHA1
c50a81e136af15955f25efcf029669379527f897

SHA256
775c4c27ac364a98346ad2ee96d4805d5fbad015793ff86052b8577c4cd2003f

SHA512
18f3159e27ae2e3e0adf6268a6dfb673c7b042cdd63c726585a154acc29bb1647bb734b3f0dae9ed5e5a213949d2d8f80ce1b68b987895bfa2f3fb6239cea49e

Download Submit
C:\Windows\SysWOW64\hhjnydqnvlivyyv.exe

Filesize
45KB

MD5
56998ad396588185ad11c8b7dbfb595f

SHA1
2a45891fbad0db60c76d79594f4ae3074708ec9b

SHA256
c61bb3cca5bdbf51d4587168f41fe7060ef0585c4f72de05f0b002fa669ce4a3

SHA512
4b2efe8f87bd8eda9808b7138a0c9f986cb1131fa40244f208ad7d81ae166ffdf5875d073812244f9dc032c77bd80daf5f8f474def38241ff2474fd21d359b2b

Download Submit
C:\Windows\SysWOW64\hhjnydqnvlivyyv.exe

Filesize
39KB

MD5
e85382f2c117d00e20c0a0acecb72619

SHA1
de5130ed3d2ae7ed13f2c2c9dad67a8c208c87ef

SHA256
bb06af6857bb10478dcba2a52cfc1923043d9a9ec63af32cbdc9ecc2a6e65f12

SHA512
2cd0a38bf4b59b85ab3be828536d39b5d8467f12d6f80be97710f6a277c20ed182c67e59a11360896f4fafaaf1becf0974858b77a59a024f7202a5c2c2c114ce

Download Submit
C:\Windows\SysWOW64\mcznotjcti.exe

Filesize
15KB

MD5
b1c9fc7866a32d6aa114a351ebfc3055

SHA1
c390aee502517d66e8abc99141ab9fd277ac53f3

SHA256
2ac9ab4ebc6f80f0a49411d02e771296c68b2ce542b7c20bc540cc44eea69d3b

SHA512
e81e55eb0a4c2579f76c866aa4336bb4d6075f62f22a7f3621f1182de7e405d004d55d372a864f16945cb561af8ae214a3e92ed3ff724ca6183a677143701383

Download Submit
C:\Windows\SysWOW64\mcznotjcti.exe

Filesize
35KB

MD5
d04b3b9ac8be6f227c736afd1999751b

SHA1
2d806e2df77237904cbd48616877cadb5a6399d0

SHA256
c9a57b9975b360e874f8e02fab964697df00c68b21e967439df6c5508165b622

SHA512
d5a1e2f4118eeca54aa372ad4b187680d3368295978c01979746d4dd564fb7f14d4b3ea66d0667c87e5e5688a9fae2c28891e480b6af2f3a541cf87f871b5b64

Download Submit
C:\Windows\SysWOW64\mxbzxgoaoctvy.exe

Filesize
41KB

MD5
9f382505145d382a332c675686fe0e37

SHA1
b933cd7371a36a58e31e00e0ef186f3c43fb1ae7

SHA256
81d3e6b29d50c50ae668b691249e38fcb20584eed16c51a0ca09e437606c98f1

SHA512
226ec30bf75732699f3b370c7a65e8bc37139b2c473d8f866a0d38a64a5cf75f4596d38357db93ebea7da4e8e53786c8c44b7a51daae69b0ed1dc29d67ee181d

Download Submit
C:\Windows\SysWOW64\mxbzxgoaoctvy.exe

Filesize
43KB

MD5
d93ab11bf22ff578869533f1119ec29f

SHA1
fd25fc287953d2791e27e072ab5a0624d409a18d

SHA256
dd44399fcde3f7f2adb5389d55ad7dc9ea8b3a2ad845a3257d354ee954c1d18b

SHA512
89294a5a7dc82924104167d9240f0534e9f2d79a5babc6b7dee9b6d273a4327c2c6c384259d3862d4ffac59010a37c8e8680eff12a3719553521a875eee6d135

Download Submit
C:\Windows\SysWOW64\ucheytoe.exe

Filesize
20KB

MD5
937d0bd205e12b3e87c22225b197c89a

SHA1
e0fefb743a893e31069f7641b2fc20c9f10b5cd0

SHA256
624eaba5618ef3c0cb6aaed89ec35f5017a4d2ad2d1f1d98286b9e39328484ed

SHA512
7a33f8fad7ec9f4e24440652bebfba4617e52a6e6f9304e63b6ff1ce38f80d46fd40f0e1ff87d265a79f88df8fbc06c6edc916ebdcc54e4fa234ca4aed9453b6

Download Submit
C:\Windows\SysWOW64\ucheytoe.exe

Filesize
24KB

MD5
ffffd04369852f6a5e23477b071885e3

SHA1
a1fd05983ab7c19ac892ba3dea96d5e94f0c8f14

SHA256
f9e53ad36a1ea6924c11d48d9daa1439f691c530fe8b8d6a09a86630346016b8

SHA512
c7f8a1b813a8134b0bef327c747c5f1c361ac340d883b47a6eee002d0fbaf73c442d8b95e042156570fcfe65f865b322e0ef3d553ca1bef2f5f0e5867a2bb7eb

Download Submit
C:\Windows\SysWOW64\ucheytoe.exe

Filesize
23KB

MD5
91cf2d60b739b71860e026594096ea65

SHA1
ef4b86ed94d9f7d841703c1eb3c17f4b28e90e20

SHA256
daf94802a55a82e6a17185de58f74f3eec67b25f803a2b23116b17f0ad5df7c8

SHA512
a2d2f7acddb53f48091094b289390803050290a676664dea5a8ba54912d1149d778f51c4741f4da8cc2fa972156f18a9fccc3aae36ffe60a44ea819293163114

Download Submit
memory/512-151-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/2980-157-0x00007FFE83C30000-0x00007FFE83C40000-memory.dmp

Filesize
64KB

Download
memory/2980-159-0x00007FFE83C30000-0x00007FFE83C40000-memory.dmp

Filesize
64KB

Download
memory/2980-158-0x00007FFE83C30000-0x00007FFE83C40000-memory.dmp

Filesize
64KB

Download
memory/2980-160-0x00007FFE83C30000-0x00007FFE83C40000-memory.dmp

Filesize
64KB

Download
memory/2980-156-0x00007FFE83C30000-0x00007FFE83C40000-memory.dmp

Filesize
64KB

Download
memory/3516-153-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/3516-132-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4280-147-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4300-148-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4912-149-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/4980-150-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads