aa0f8e9cab68a02e6db39a182f3e157e48fe590111cb24ef7e3d059129749c44

Analysis

max time kernel
145s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2023, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

UnpackMe_protected.exe
Size

3.1MB
MD5

36671a8059308c1e4435f25c965417a7
SHA1

c5e44929dbc0a8d906f881fa2bacadf9884eb8f0
SHA256

aa0f8e9cab68a02e6db39a182f3e157e48fe590111cb24ef7e3d059129749c44
SHA512

d46000483942091435f50725d4626f2845bd104e3ab52804d816ad13ef20726efb1cfd329bddb85793fc9e80fcea36a8ef815cbd7be6e2dbc1117ee3ffe31751
SSDEEP

98304:+Pk90gX5IglJQxzDaReKE0UUvfxK8hF47ft:Cq01OQBmAKEwkG

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4684	UnpackMe_protected.exe
4684	UnpackMe_protected.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4684	UnpackMe_protected.exe

C:\Users\Admin\AppData\Local\Temp\UnpackMe_protected.exe
"C:\Users\Admin\AppData\Local\Temp\UnpackMe_protected.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4684-133-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-134-0x00007FF4F13E0000-0x00007FF4F17B1000-memory.dmp

Filesize
3.8MB

Download
memory/4684-135-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-136-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-137-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-138-0x00007FFDF8E80000-0x00007FFDF8E90000-memory.dmp

Filesize
64KB

Download
memory/4684-139-0x000001BF7CCC0000-0x000001BF7CCD0000-memory.dmp

Filesize
64KB

Download
memory/4684-140-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-141-0x00007FF4F13E0000-0x00007FF4F17B1000-memory.dmp

Filesize
3.8MB

Download
memory/4684-142-0x000001BF7CCC0000-0x000001BF7CCD0000-memory.dmp

Filesize
64KB

Download
memory/4684-143-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-144-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-145-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-146-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-147-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-148-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-149-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-150-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-151-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-152-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-153-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-154-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download
memory/4684-155-0x00007FF7D1F30000-0x00007FF7D2DA2000-memory.dmp

Filesize
14.4MB

Download