603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe

General

Target

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
Size

1.4MB
MD5

8e233c992156b95805392a881e197b2e
SHA1

71edc7b81583e8bc476d3843673849d84c0eeabd
SHA256

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe
SHA512

81f69d3c998cea39df058f4ff23d84831c50fe33e7d996b6ae708cfe4c7e27851c31494ccbe80a1018e35ec44752976ea8bed5a292c7b8e69d8d717dc0d1b3d8
SSDEEP

24576:gGZ82zzYfFalQPNUPjHnP1ZBpQO7yThjVc48E21x3JiGtzV/0lT2iTqc/l0vW3jK:D83fFGQPNudZTzyNjVc4x21x3Jft6lPy

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4252-135-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-138-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-137-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-139-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-140-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-142-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-144-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-146-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-148-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-150-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-152-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-154-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-156-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-160-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-158-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-162-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-164-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-166-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-168-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-170-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-172-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-174-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-176-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-178-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-180-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/4252-182-0x0000000010000000-0x000000001003D000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral2/memory/4252-132-0x0000000000400000-0x0000000000744000-memory.dmp	vmprotect
behavioral2/memory/4252-133-0x0000000000400000-0x0000000000744000-memory.dmp	vmprotect
behavioral2/memory/4252-181-0x0000000000400000-0x0000000000744000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

pid process

4252 603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

pid	process
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

pid process

4252 603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

pid process

4252 603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

pid	process
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
4252	603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe

C:\Users\Admin\AppData\Local\Temp\603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe
"C:\Users\Admin\AppData\Local\Temp\603f8c5b4ea6435f1d15a97382fd86580a0840b8999618e6320fd152b8870efe.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4252-132-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/4252-133-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/4252-135-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-138-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-137-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-139-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-140-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-142-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-144-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-146-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-148-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-150-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-152-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-154-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-156-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-160-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-158-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-162-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-164-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-166-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-168-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-170-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-172-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-174-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-176-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-178-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-180-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/4252-181-0x0000000000400000-0x0000000000744000-memory.dmp

Filesize
3.3MB

Download
memory/4252-182-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads