e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af

General

Target

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
Size

1.8MB
MD5

15bf3375a847a847e1c5ecc4eec90845
SHA1

2bfade13676ee4e1a3670ee0e2680b946efcd6f4
SHA256

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af
SHA512

2418543fe65af6dccc55d36c6bb536a769b1d6730d5a69e467ca6b20aedc70eb398a43d9c58004f43428fbcf6f258bc8d977df236c78322eaefdddb875b0d516
SSDEEP

49152:XD1UWvG0Oc2ztMbxd3FaxB/LlKybwsicwc2AGky:XeW+0OTWbxjGBzlKybjirk

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1980-61-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-62-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-63-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-65-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-69-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-71-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-75-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-77-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-79-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-83-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-85-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-87-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-91-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-97-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-95-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-100-0x0000000000400000-0x0000000000802000-memory.dmp	upx
behavioral1/memory/1980-99-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-93-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-89-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-81-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-73-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-67-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-103-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-105-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral1/memory/1980-106-0x0000000000400000-0x0000000000802000-memory.dmp	upx
behavioral1/memory/1980-108-0x0000000010000000-0x000000001003F000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/1980-55-0x0000000002870000-0x0000000002A3D000-memory.dmp	vmprotect
behavioral1/memory/1980-57-0x0000000002870000-0x0000000002A3D000-memory.dmp	vmprotect

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 2 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

pid process

1980 e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

pid process

1980 e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

pid process

1980 e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

pid	process
1980	e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
1980	e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
1980	e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
1980	e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
1980	e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe

C:\Users\Admin\AppData\Local\Temp\e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe
"C:\Users\Admin\AppData\Local\Temp\e0288fa7853d86924a4262cf2ef76fba5fe04c377ded99e915db4715a4ee03af.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-54-0x0000000075D61000-0x0000000075D63000-memory.dmp

Filesize
8KB

Download
memory/1980-55-0x0000000002870000-0x0000000002A3D000-memory.dmp

Filesize
1.8MB

Download
memory/1980-57-0x0000000002870000-0x0000000002A3D000-memory.dmp

Filesize
1.8MB

Download
memory/1980-61-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-62-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-63-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-65-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-69-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-71-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-75-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-77-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-79-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-83-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-85-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-87-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-91-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-97-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-95-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-100-0x0000000000400000-0x0000000000802000-memory.dmp

Filesize
4.0MB

Download
memory/1980-99-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-101-0x0000000002870000-0x0000000002A3D000-memory.dmp

Filesize
1.8MB

Download
memory/1980-93-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-89-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-81-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-73-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-67-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-103-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-105-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1980-106-0x0000000000400000-0x0000000000802000-memory.dmp

Filesize
4.0MB

Download
memory/1980-107-0x0000000002870000-0x0000000002A3D000-memory.dmp

Filesize
1.8MB

Download
memory/1980-108-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads