789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00

Analysis

max time kernel
25s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe
Size

10.2MB
MD5

a191675d5299956bcab6c52668760efe
SHA1

1180050f6043ea1e587595a08621bdc3230cc072
SHA256

789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00
SHA512

814205105e9169a102482088efcbeed3959d53cb7b6c5a75d5b69e4fcca0db1c2219468048670ba1ae12bfe366f71f04528b838de9857da74f5dee8a172d68ac
SSDEEP

196608:kTL5o5oAssNIte1cmk+385NGp1I0wfSZBZN27:7573cmktNGpK0xZB

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2036-58-0x0000000000360000-0x00000000003D2000-memory.dmp	upx
behavioral1/memory/2036-57-0x0000000000360000-0x00000000003D2000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/2036-55-0x0000000000400000-0x0000000000E64000-memory.dmp	vmprotect
behavioral1/memory/2036-56-0x0000000000400000-0x0000000000E64000-memory.dmp	vmprotect
behavioral1/memory/2036-59-0x0000000000400000-0x0000000000E64000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

pid	process
2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe
2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe
2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

description pid process

Token: SeDebugPrivilege 2036 789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

description	pid	process
Token: SeDebugPrivilege	2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

pid	process
2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe
2036	789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe

C:\Users\Admin\AppData\Local\Temp\789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe
"C:\Users\Admin\AppData\Local\Temp\789081272900bfd5ce0d0dd0045fbadedcef240416620893358981ba1afcda00.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2036

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-54-0x00000000753D1000-0x00000000753D3000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000000400000-0x0000000000E64000-memory.dmp

Filesize
10.4MB

Download
memory/2036-56-0x0000000000400000-0x0000000000E64000-memory.dmp

Filesize
10.4MB

Download
memory/2036-58-0x0000000000360000-0x00000000003D2000-memory.dmp

Filesize
456KB

Download
memory/2036-57-0x0000000000360000-0x00000000003D2000-memory.dmp

Filesize
456KB

Download
memory/2036-59-0x0000000000400000-0x0000000000E64000-memory.dmp

Filesize
10.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads