1ea1e530d51e0075f7a40131cceb7c6c8ef7b0975ce14210099c739d51440c9d

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 12:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e387ded667430bexe_JC.exe
Size

1.1MB
MD5

e387ded667430b55cf891b9c908325e1
SHA1

04c5ca64cf9ec9ea422b1a58ac501ec7d4c688db
SHA256

1ea1e530d51e0075f7a40131cceb7c6c8ef7b0975ce14210099c739d51440c9d
SHA512

6575342bf1bfbbd10c203c44f93ed4317430bb324ddc1c787bfbfe7749bb3db1ed01f2c7ac339892de5ddece19d0c07eb11fa3a400c1704b1bff6c9b975287a5
SSDEEP

24576:afZanlLXYSKEDRWTg+YeP/YkOqLK3b/6MGY0r:aPSKRM+Y2ZPLwWV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1364-133-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-134-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-136-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-135-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-140-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-138-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-142-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-144-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-146-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-148-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-150-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-152-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-154-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-156-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-158-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-160-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-162-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-164-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-166-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-168-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-170-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-172-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-174-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-176-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx
behavioral2/memory/1364-177-0x00000000023B0000-0x00000000023EE000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe
1364	e387ded667430bexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\e387ded667430bexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\e387ded667430bexe_JC.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1364-133-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-134-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-136-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-135-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-140-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-138-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-142-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-144-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-146-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-148-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-150-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-152-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-154-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-156-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-158-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-160-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-162-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-164-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-166-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-168-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-170-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-172-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-174-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-176-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download
memory/1364-177-0x00000000023B0000-0x00000000023EE000-memory.dmp

Filesize
248KB

Download