365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2

General

Target

365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
Size

873KB
MD5

5e4c6ef932dcb6bc250db15a63de5222
SHA1

9d1d8d17f38371ad4db15a7a1b18591b0df70c3a
SHA256

365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2
SHA512

ff9827fd094b885f69ec6a91903d7a3570a9cbbecca6a11153515d2aaaae8a7e436b21a9f044026f95e6831f4a220d19de1c053268908b5fa99be68450f75bf0
SSDEEP

24576:f5z7aO1MV0IX75IXAWpGanqaeJzUFJDoVuuzzWPus/frJz:f5hqV0M75IQwx4UFJDSWPT/1z

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1524-132-0x0000000000400000-0x000000000056E000-memory.dmp	upx
behavioral2/memory/1524-133-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-136-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-135-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-138-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-137-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-140-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-142-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-144-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-146-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-148-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-150-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-152-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-154-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-156-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-160-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-158-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-162-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-164-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-168-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-166-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-170-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-172-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-174-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-176-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-178-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral2/memory/1524-179-0x0000000000400000-0x000000000056E000-memory.dmp	upx
behavioral2/memory/1524-180-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\cflz.imett	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2628	1524	WerFault.exe	81
1724	1524	WerFault.exe	81
4576	1524	WerFault.exe	81

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2628	1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe	86
PID 1524 wrote to memory of 2628	1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe	86
PID 1524 wrote to memory of 2628	1524	365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe	86

C:\Users\Admin\AppData\Local\Temp\365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe
"C:\Users\Admin\AppData\Local\Temp\365f35a49e1e672373bfccf2543d8a4486ce727b0bcbd0645ffe422f37d002b2.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 1772
  2⤵
  - Program crash
  PID:2628
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 1772
  2⤵
  - Program crash
  PID:1724
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 1796
  2⤵
  - Program crash
  PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1524 -ip 1524
1⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1524 -ip 1524
1⤵
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1524-132-0x0000000000400000-0x000000000056E000-memory.dmp

Filesize
1.4MB

Download
memory/1524-133-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-136-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-135-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-138-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-137-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-140-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-142-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-144-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-146-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-148-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-150-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-152-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-154-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-156-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-160-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-158-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-162-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-164-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-168-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-166-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-170-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-172-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-174-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-176-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-178-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/1524-179-0x0000000000400000-0x000000000056E000-memory.dmp

Filesize
1.4MB

Download
memory/1524-180-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download

Analysis

Sharing