0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
Size

2.7MB
MD5

e686f4f4c923ccbe7b9a90e225ee6f75
SHA1

b70cb0c93aea59e85c87fea11ccc124f2012079e
SHA256

0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d
SHA512

9e6d0c828ee49a02226b625e7b4b847fb4cf1d569617dc917185a2068059d55f33fba79719052bbd82545b4e753a372fb8e34c7df0e9e90128ad920020ab2620
SSDEEP

49152:GEmq6hMhvevTNwyfMVnDwGJ+s8KuqGaX0ToIBAUZLY4:uMVevRVfNGiJBAUZLz

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 38 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1604-55-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-58-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-57-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-60-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-62-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-66-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-70-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-68-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-76-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-74-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-78-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-72-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-64-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-59-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-80-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-82-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-86-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-84-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-92-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-94-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-90-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-88-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-96-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-98-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-100-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-101-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-103-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-104-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-106-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-105-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-108-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-110-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-112-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-114-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-116-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-118-0x0000000002320000-0x000000000235D000-memory.dmp	upx
behavioral1/memory/1604-149-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/1604-150-0x0000000002320000-0x000000000235D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
Token: SeDebugPrivilege	1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
Token: SeDebugPrivilege	1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
Token: SeDebugPrivilege	1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
1604	0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe

C:\Users\Admin\AppData\Local\Temp\0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe
"C:\Users\Admin\AppData\Local\Temp\0aa3ceb461c416a9f560ff8fcaa6547e94ca8a392f50c82fd52ee84f14cf9a0d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1604

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download
memory/1604-55-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-58-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-57-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-60-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-62-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-66-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-70-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-68-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-76-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-74-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-78-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-72-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-64-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-59-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-80-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-82-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-86-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-84-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-92-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-94-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-90-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-88-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-96-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-98-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-100-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-101-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-103-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-104-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-106-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-105-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-108-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-110-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-112-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-114-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-116-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-118-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download
memory/1604-149-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1604-150-0x0000000002320000-0x000000000235D000-memory.dmp

Filesize
244KB

Download