27e6b93189e27bfbebfaa65add12c29630d956d9c575c2bd2e6bd29cb5f9ad22

Analysis

max time kernel
158s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2023 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GPU-Z.2.53.0.exe
Size

9.0MB
MD5

c4a3377490f0b53883991dc002038f76
SHA1

ad4e9c6a9c6a8ef097a5420f6876b8bbc22fa57b
SHA256

27e6b93189e27bfbebfaa65add12c29630d956d9c575c2bd2e6bd29cb5f9ad22
SHA512

297a1badec77d15d09b1ccdc640da59a431410ba2208a4d3ff56a5b8fa5af0ca0a815eeb8c889cb32ca7b4c835ea99965442f3c420f1418d4c9c741dc7b6f737
SSDEEP

196608:CJpk8suGo9D+dud42F5hgs/GMOQc1ZBCK1EkiUaNVzogSNbNV1:saTuG1RSAuInCK13kVEzbV

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3588	gpuz_installer.exe
2168	gpuz_installer.tmp

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4112-133-0x0000000000A00000-0x0000000003366000-memory.dmp	upx
behavioral2/files/0x000a00000001da0a-146.dat	upx
behavioral2/memory/4112-147-0x0000000000A00000-0x0000000003366000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4112	GPU-Z.2.53.0.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4112	GPU-Z.2.53.0.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 3588	4112	GPU-Z.2.53.0.exe	81
PID 4112 wrote to memory of 3588	4112	GPU-Z.2.53.0.exe	81
PID 4112 wrote to memory of 3588	4112	GPU-Z.2.53.0.exe	81
PID 3588 wrote to memory of 2168	3588	gpuz_installer.exe	82
PID 3588 wrote to memory of 2168	3588	gpuz_installer.exe	82
PID 3588 wrote to memory of 2168	3588	gpuz_installer.exe	82

C:\Users\Admin\AppData\Local\Temp\GPU-Z.2.53.0.exe
"C:\Users\Admin\AppData\Local\Temp\GPU-Z.2.53.0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\\gpuz_installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Users\Admin\AppData\Local\Temp\is-OG9DD.tmp\gpuz_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-OG9DD.tmp\gpuz_installer.tmp" /SL5="$901BE,721408,721408,C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe"
    3⤵
    - Executes dropped EXE
    PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\GPU-Z.exe

Filesize
9.0MB

MD5
c4a3377490f0b53883991dc002038f76

SHA1
ad4e9c6a9c6a8ef097a5420f6876b8bbc22fa57b

SHA256
27e6b93189e27bfbebfaa65add12c29630d956d9c575c2bd2e6bd29cb5f9ad22

SHA512
297a1badec77d15d09b1ccdc640da59a431410ba2208a4d3ff56a5b8fa5af0ca0a815eeb8c889cb32ca7b4c835ea99965442f3c420f1418d4c9c741dc7b6f737

Download Submit
C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
1.4MB

MD5
db0fe2fc8b640f81be6103efabb69fc1

SHA1
b8ede445e915c83981ec63b5ba5cf32ec4017f01

SHA256
6cdfac9a6fd83d7a0b652bd8d5a971a753704302e697c3129dcaa5f2de465a44

SHA512
086695eadbc175e1fad454f3aecee927846fc22ad9f99933b89a722e8e48badc1ce0fb77237711aae674086fff0ee9ba875c79c4f67e84800b72723b1426c393

Download Submit
C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
1.4MB

MD5
db0fe2fc8b640f81be6103efabb69fc1

SHA1
b8ede445e915c83981ec63b5ba5cf32ec4017f01

SHA256
6cdfac9a6fd83d7a0b652bd8d5a971a753704302e697c3129dcaa5f2de465a44

SHA512
086695eadbc175e1fad454f3aecee927846fc22ad9f99933b89a722e8e48badc1ce0fb77237711aae674086fff0ee9ba875c79c4f67e84800b72723b1426c393

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-OG9DD.tmp\gpuz_installer.tmp

Filesize
2.4MB

MD5
8e2d270339dcd0a68fbb2f02a65d45dd

SHA1
bfcdb1f71692020858f96960e432e94a4e70c4a4

SHA256
506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

SHA512
31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

Download Submit
memory/2168-144-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2168-149-0x0000000000400000-0x0000000000679000-memory.dmp

Filesize
2.5MB

Download
memory/2168-150-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/3588-138-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3588-148-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/4112-133-0x0000000000A00000-0x0000000003366000-memory.dmp

Filesize
41.4MB

Download
memory/4112-147-0x0000000000A00000-0x0000000003366000-memory.dmp

Filesize
41.4MB

Download