Analysis
-
max time kernel
342s -
max time network
356s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
26-11-2022 17:27
General
-
Target
50022f34f0fe23bdcbbfafcbd864d4af0f0179cabff673c570517ce5050ce5b9.exe
-
Size
3.3MB
-
MD5
76ebd050fc382b8bf39dbb2999b1c82e
-
SHA1
a475e2ed3ba98284bbca0e587f4534b972798a6b
-
SHA256
50022f34f0fe23bdcbbfafcbd864d4af0f0179cabff673c570517ce5050ce5b9
-
SHA512
7284b6bb5f038ea411d314ec92592fc1ba5cfdf2c15ace6f11438c50fc9267fa29593c386d32feb914f63ae4f79f5b6a8ad60b13d4d7aa30fdaea103869aa09d
-
SSDEEP
49152:aI1hgSzcdImYvVgvmaaBNxPawGe1Edw4zD9uZucnzc:/hLFmYvVgCSwG9dBPcnI
Malware Config
Signatures
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
VMProtect packed file 4 IoCs
Detects executables packed with VMProtect commercial packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\50022f34f0fe23bdcbbfafcbd864d4af0f0179cabff673c570517ce5050ce5b9.exe"C:\Users\Admin\AppData\Local\Temp\50022f34f0fe23bdcbbfafcbd864d4af0f0179cabff673c570517ce5050ce5b9.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4672-132-0x0000000000400000-0x00000000007A4000-memory.dmpFilesize
3.6MB
-
memory/4672-133-0x0000000000400000-0x00000000007A4000-memory.dmpFilesize
3.6MB
-
memory/4672-135-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-136-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-137-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-139-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-141-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-143-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-145-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-148-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-150-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-152-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-154-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-156-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-158-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-160-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-162-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-164-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-166-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-168-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-170-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-172-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-174-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-176-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-178-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB
-
memory/4672-179-0x0000000000400000-0x00000000007A4000-memory.dmpFilesize
3.6MB
-
memory/4672-180-0x0000000000400000-0x00000000007A4000-memory.dmpFilesize
3.6MB
-
memory/4672-181-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB