de3440c281f59832e96e0760264ac5fc61cb9b1ea74a7e348bff0262aa285a31

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2023, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cd4d7e73dd6b0c16694fd4a6bbde839.exe
Size

7.0MB
MD5

4cd4d7e73dd6b0c16694fd4a6bbde839
SHA1

bf6f1f08acf87a9b3d703c8b41ceba6ef5647950
SHA256

de3440c281f59832e96e0760264ac5fc61cb9b1ea74a7e348bff0262aa285a31
SHA512

f142f412a714e90e368739dda5b779e8e9431266196f2b7dda0ea231390b07e542e7d50cbfde2a5aa4977043c9a76d8e9de07165be65bac79f38c8916c78dd7d
SSDEEP

196608:Wlycz5S32UISklLrkS0XB9t7xRRPp1HgHrfQC3ewHz:Wwcz5S32UOl0SQ9t7dp1HgLfp3R

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
464	gpuz_installer.exe
3544	gpuz_installer.tmp

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4240-133-0x0000000000700000-0x000000000229A000-memory.dmp	upx
behavioral2/memory/4240-146-0x0000000000700000-0x000000000229A000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4240	4cd4d7e73dd6b0c16694fd4a6bbde839.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4240	4cd4d7e73dd6b0c16694fd4a6bbde839.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 464	4240	4cd4d7e73dd6b0c16694fd4a6bbde839.exe	84
PID 4240 wrote to memory of 464	4240	4cd4d7e73dd6b0c16694fd4a6bbde839.exe	84
PID 4240 wrote to memory of 464	4240	4cd4d7e73dd6b0c16694fd4a6bbde839.exe	84
PID 464 wrote to memory of 3544	464	gpuz_installer.exe	85
PID 464 wrote to memory of 3544	464	gpuz_installer.exe	85
PID 464 wrote to memory of 3544	464	gpuz_installer.exe	85

C:\Users\Admin\AppData\Local\Temp\4cd4d7e73dd6b0c16694fd4a6bbde839.exe
"C:\Users\Admin\AppData\Local\Temp\4cd4d7e73dd6b0c16694fd4a6bbde839.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\\gpuz_installer.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:464
- - C:\Users\Admin\AppData\Local\Temp\is-3S4K0.tmp\gpuz_installer.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-3S4K0.tmp\gpuz_installer.tmp" /SL5="$B0038,721408,721408,C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe"
    3⤵
    - Executes dropped EXE
    PID:3544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
1.4MB

MD5
a1fe286199f82dc9a1f64fa2d677240a

SHA1
c64f7ff5f90fa49d877914aa25dd741cdaa7ec2e

SHA256
6d41cb901f463a0c814fff8f7740d7757379eba822c47ec17630c91f5ba8626e

SHA512
c536874fd0e3ceca7728145fab4b8f41a3ce49dfe250dfc2c09593571cdec2a7d3f4c784112e06bc87c3a4fdf065e3c72f296b9fe2a5a95bd79994fe25c01a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\gpuz_installer.exe

Filesize
1.4MB

MD5
a1fe286199f82dc9a1f64fa2d677240a

SHA1
c64f7ff5f90fa49d877914aa25dd741cdaa7ec2e

SHA256
6d41cb901f463a0c814fff8f7740d7757379eba822c47ec17630c91f5ba8626e

SHA512
c536874fd0e3ceca7728145fab4b8f41a3ce49dfe250dfc2c09593571cdec2a7d3f4c784112e06bc87c3a4fdf065e3c72f296b9fe2a5a95bd79994fe25c01a8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3S4K0.tmp\gpuz_installer.tmp

Filesize
2.4MB

MD5
8e2d270339dcd0a68fbb2f02a65d45dd

SHA1
bfcdb1f71692020858f96960e432e94a4e70c4a4

SHA256
506176b3245de84bb0b7a4da4b8068b9dd289eb9a3a1757d4183c7c3f168c811

SHA512
31eac8aabe8ac83f24d4eba21bc3a52b56105f52402aeb00e505a6be3208cf92cc57529b26f1b29605f554dccdff51e9f28f584268bfda689f53be624f3fd647

Download Submit
memory/464-138-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/464-147-0x0000000000400000-0x00000000004BE000-memory.dmp

Filesize
760KB

Download
memory/3544-145-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download
memory/3544-148-0x0000000000400000-0x0000000000679000-memory.dmp

Filesize
2.5MB

Download
memory/4240-133-0x0000000000700000-0x000000000229A000-memory.dmp

Filesize
27.6MB

Download
memory/4240-146-0x0000000000700000-0x000000000229A000-memory.dmp

Filesize
27.6MB

Download