8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2

General

Target

8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
Size

1.0MB
MD5

63d9a9432a606a9ca9c21cf9b9d510df
SHA1

67d50abab9741b3ada90fe2ffa98e6907fa583bd
SHA256

8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2
SHA512

b0684b77e274fea587817d917636d319322439263124af5cb6f15a09360247896cfe0cec3601588ae9ceabeed17996c57c83ceef7256af6c85f9c59f32de615c
SSDEEP

3072:ECQNf9RNHebjpreftg32lQ8NnWfjwtvOe3RpvaVzg/flzmfAQeWaRbvJEKvAflr5:Cxb1E7n2Dd43ChEQVb3V/y4al6C/

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1996-56-0x0000000000400000-0x0000000000441000-memory.dmp	upx
behavioral1/memory/1996-59-0x0000000000400000-0x0000000000441000-memory.dmp	upx
behavioral1/memory/1448-60-0x0000000000400000-0x0000000000506000-memory.dmp	upx
behavioral1/memory/1996-61-0x0000000000400000-0x0000000000441000-memory.dmp	upx
behavioral1/memory/1996-66-0x0000000000400000-0x0000000000441000-memory.dmp	upx

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 1448 set thread context of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1996 set thread context of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1448 wrote to memory of 1996	1448	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	27
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1996 wrote to memory of 1980	1996	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	28
PID 1980 wrote to memory of 1420	1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	14
PID 1980 wrote to memory of 1420	1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	14
PID 1980 wrote to memory of 1420	1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	14
PID 1980 wrote to memory of 1420	1980	8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe	14

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1420
- C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
  "C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
    C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
      C:\Users\Admin\AppData\Local\Temp\8475848a7b8fdd6816e201c2c56f1dc0d1e48239821eff6c218ed7c1bc672ec2.exe
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1420-70-0x000000007FFF0000-0x000000007FFF7000-memory.dmp

Filesize
28KB

Download
memory/1448-60-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1980-64-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/1980-68-0x0000000000400000-0x0000000000408960-memory.dmp

Filesize
34KB

Download
memory/1980-69-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1980-73-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1996-56-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1996-59-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1996-61-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/1996-66-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing