1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4

General

Target

1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
Size

12.8MB
MD5

a13dfda2c396dc9856bf8c7093b99433
SHA1

72b63ebd1210369f75ea79d3abdb529acfceb1a8
SHA256

1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4
SHA512

63ed3dfe0159176f3b1ffa27bb2f806c23535f5e3970212b2d9dfcc1713e3fa192e528667d90c12d1fed6d8ca24fe1b4601b5cbb520862d94e5e6bb3a7c8cf49
SSDEEP

393216:FbeHpQiKWiZRQVPECeXLzE5LbE6+KZX54rYQnu:FyHl1icVPE7Lz8obK/4rYQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2560-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-100-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-102-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-104-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-106-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-108-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-110-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-112-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-114-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-116-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-119-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-121-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2560-140-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2704	2560	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2704	2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe	28
PID 2560 wrote to memory of 2704	2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe	28
PID 2560 wrote to memory of 2704	2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe	28
PID 2560 wrote to memory of 2704	2560	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe	28

C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
"C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 324
  2⤵
  - Program crash
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2560-56-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/2560-57-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2560-54-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2560-59-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2560-60-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2560-62-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/2560-63-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2560-65-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2560-68-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2560-73-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2560-70-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2560-75-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2560-78-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2560-80-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2560-83-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2560-85-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2560-86-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2560-88-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2560-90-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2560-94-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/2560-95-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/2560-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-104-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-106-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-108-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-110-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-112-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-114-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-116-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-119-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-121-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2560-140-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing