22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb

General

Target

22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe
Size

2.5MB
MD5

dc134411f2d995d4992e81edcd3cb2be
SHA1

1ad0c2ff173683f2bed7f72e5bba8e1c432d8299
SHA256

22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb
SHA512

132cba3eee2bb5a235fa68192211f0153d424fa2732f4e5e85ad4b3d1b1fc93af74ac19026d4eeaafbc1f4a27418aae87cdaa9b5aae784c3fdcd20a0523b0b24
SSDEEP

49152:wtgvR9wUKTlG4m//ejM7S1ofesuZPZ7Rb+:6MnwUKTlG4m3eY7S1ofeW

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4452-133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-134-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-135-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-137-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-139-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-141-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-143-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-145-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-147-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-149-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-151-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-153-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-155-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-157-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-159-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-161-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-163-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-165-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-167-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-169-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-171-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-173-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-175-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4452-238-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4452	22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
4452	22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4452	22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe
4452	22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe
4452	22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe

C:\Users\Admin\AppData\Local\Temp\22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe
"C:\Users\Admin\AppData\Local\Temp\22c7c20ad4f9c2bfe4f74105e80783b61905b64a96d96e7a034c70781d020acb.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\TempKFHF\YMKFHF.xml

Filesize
402B

MD5
6f9baec110034922de97ef12d0fbca36

SHA1
649e6de9a1d7853c6ffb00342bab5f5fce14efdc

SHA256
5533fa0dabc968b7c3e232d6af513d6a961279cb111b3e7960d16a97c8fc201f

SHA512
28b45450693c3b144871edcd9f70c7668e6095068e5f39c9c860b427124aba93b3f311430a433edce51a1ab9d7a99d409e7b64d595277017159d18da384fa753

Download Submit
C:\Users\Admin\AppData\Local\TempKFHF\YMKFHF.xml

Filesize
417B

MD5
1b76b0b274850bf28bedd9e5241f2191

SHA1
64194de2dd3aa7c73bbe4f8c7239f31f12072052

SHA256
5570681d30264688f91907ce1c8ce03c15ec4a78db55326820ef29d23566c1fe

SHA512
30b316a0dee78eeaa7e2860693c7fc85dc900b6bdf9a10d49d621f33734ac2cb69e3e6c2a2e840942dd6a7e5fa7f609e6c3a71e5e0356266e3ee60390d095dbf

Download Submit
memory/4452-155-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-147-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-139-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-141-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-143-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-145-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-157-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-149-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-151-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-153-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-137-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-167-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-161-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-163-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-165-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-159-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-169-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-171-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-173-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-175-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-135-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-134-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4452-238-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing