c659824afbed7d3b62e3653be70205d2156e383c8dda9f1099b0270bb27d8a17

Analysis

max time kernel
150s
max time network
142s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-02-2023 13:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4dbee0054b38db4136f2146511445c58de143f40.exe
Size

361KB
MD5

c61eb6346dba39184735797e3df73e47
SHA1

4dbee0054b38db4136f2146511445c58de143f40
SHA256

c659824afbed7d3b62e3653be70205d2156e383c8dda9f1099b0270bb27d8a17
SHA512

3b565a7d7dcb69868d99b867a8a059c758c306450dc72718da18effc3ead2b9f256caf9d43a363c9a351b41b2296b6c35279713e3b4bd67fd8429f490e9dfa0d
SSDEEP

6144:ZYSUIr+OXOBaU7iGYiJkaV2OFbC4XEqPTY/U1GvbYG+XtLETkzmo:ZYSUZxgU7iGYiJkaC2fPTY/U8vbYj54O

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/980-54-0x0000000000400000-0x00000000004CC000-memory.dmp	upx
behavioral1/memory/980-55-0x0000000000400000-0x00000000004CC000-memory.dmp	upx
behavioral1/memory/980-57-0x0000000000400000-0x00000000004CC000-memory.dmp	upx
behavioral1/memory/980-58-0x0000000000400000-0x00000000004CC000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe
980	4dbee0054b38db4136f2146511445c58de143f40.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	980	4dbee0054b38db4136f2146511445c58de143f40.exe

C:\Users\Admin\AppData\Local\Temp\4dbee0054b38db4136f2146511445c58de143f40.exe
"C:\Users\Admin\AppData\Local\Temp\4dbee0054b38db4136f2146511445c58de143f40.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/980-54-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/980-55-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/980-56-0x0000000075811000-0x0000000075813000-memory.dmp

Filesize
8KB

Download
memory/980-57-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/980-58-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download