2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8

General

Target

2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe
Size

792KB
MD5

e0fe1cb75faa96d8f8941f6198bf5012
SHA1

b9f4c7537212f5580568d6783457ea8e2d1a0564
SHA256

2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8
SHA512

4cb530e4910ea782a1d3d7b5e833696f59eed60db1ab5aa8d92f22c02d9b868b8ff8c4aa1b91866ac41cb937d87f64985061542416913fc3a07ebf0e8ead5a66
SSDEEP

24576:66WUVgqB8aHbgATrJCbCgvCV6wwsbuVfcX:6ZUVgqB8aHbgAXIbCgKXTX

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4720-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-135-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-137-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-139-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-141-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-143-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-145-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-149-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-147-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-151-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-160-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4720-177-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\PastsSLxo.sys	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4720	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe
4720	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4720	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe
4720	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe
4720	2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe

C:\Users\Admin\AppData\Local\Temp\2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe
"C:\Users\Admin\AppData\Local\Temp\2b36d580fa0d3ec363f786b4b7d22e2d87212c5dfe7942632e1d6798373785a8.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4720-132-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/4720-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-135-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-137-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-139-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-141-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-143-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-145-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-149-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-147-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-151-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-160-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-177-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4720-178-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download

Analysis

Sharing