d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb

General

Target

d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe
Size

992KB
MD5

1b1f5880ef69d1c275575ca26e301180
SHA1

d4c59d30c39397a5ea1823e6ac16c54ed9132b08
SHA256

d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb
SHA512

976d9dff413bd2e3150c5c11e7e429d10b627a8291e7fceac4dd73dd5d77608d26cd21f7a51725243fd071b9b5c74d7e693ee7f3d684d42705ab9fcc6d0e7d5e
SSDEEP

12288:sC2R/T6TP6nK0GDWt7objyTisuoDKR5nWFpPoSEMgphMg:sD6eHGqN6jyWsuYbjgpKg

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 23 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1384-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-79-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-83-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-87-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-85-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-93-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-91-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1384-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1384	d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe
Token: SeDebugPrivilege	1384	d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1384	d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe
1384	d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe
1384	d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe

C:\Users\Admin\AppData\Local\Temp\d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe
"C:\Users\Admin\AppData\Local\Temp\d15d1953d2f4a9ba623198a0fd193bdc74f6017d2fbae8348d6b13c66d702ecb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1384-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download
memory/1384-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-65-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download
memory/1384-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-79-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-83-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-87-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-85-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-93-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-91-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1384-100-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing