719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087

Analysis

max time kernel
106s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
Size

2.1MB
MD5

be3413973638497cee168f91871d2a9e
SHA1

1006e94a58979e462f5a6dc4aae6ff746f6c7bff
SHA256

719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087
SHA512

e49bab5a73b947da3a9aebddd924bcd5081292d0addf6b1c679f78aad488421af1f4cc6cfae6e195c6b6894405be36c0bd2d806b67a8ff5e2dbc063af9ca4fc8
SSDEEP

49152:twgU3vY6JkzSXAjbYPicgTUbBQ9EhLFwf9rNJwdeH+PaCnMuG:DU3rJkzSQwqc/ZwFrNGkHmaCnMf

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2176-1487-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1490-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1489-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1491-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1494-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1492-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1496-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1498-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1502-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1504-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1500-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1508-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1506-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1510-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1512-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1514-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1516-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1518-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1520-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1522-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1528-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1526-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1524-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1530-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1533-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2176-1535-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 13 IoCs

pid	Process
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2340	2176	WerFault.exe	24

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
2176	719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe

C:\Users\Admin\AppData\Local\Temp\719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe
"C:\Users\Admin\AppData\Local\Temp\719b101cd8cac4597a0816b1d122ba957de6291df459dc4518b28cb743974087.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:2176
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 1724
  2⤵
  - Program crash
  PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2176 -ip 2176
1⤵
PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2176-132-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-133-0x00000000776F0000-0x0000000077893000-memory.dmp

Filesize
1.6MB

Download
memory/2176-134-0x0000000076E30000-0x0000000077045000-memory.dmp

Filesize
2.1MB

Download
memory/2176-136-0x0000000077540000-0x00000000776E0000-memory.dmp

Filesize
1.6MB

Download
memory/2176-137-0x0000000076B60000-0x0000000076BDA000-memory.dmp

Filesize
488KB

Download
memory/2176-1481-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1482-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1483-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1484-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1486-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1487-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1490-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1489-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1491-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1494-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1492-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1496-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1498-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1502-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1504-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1500-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1508-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1506-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1510-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1512-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1514-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1516-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1518-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1520-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1522-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1528-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1526-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1524-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1530-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1531-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1533-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1534-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download
memory/2176-1535-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2176-1536-0x0000000000400000-0x00000000006C9000-memory.dmp

Filesize
2.8MB

Download