1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4

General

Target

1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
Size

12.8MB
MD5

a13dfda2c396dc9856bf8c7093b99433
SHA1

72b63ebd1210369f75ea79d3abdb529acfceb1a8
SHA256

1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4
SHA512

63ed3dfe0159176f3b1ffa27bb2f806c23535f5e3970212b2d9dfcc1713e3fa192e528667d90c12d1fed6d8ca24fe1b4601b5cbb520862d94e5e6bb3a7c8cf49
SSDEEP

393216:FbeHpQiKWiZRQVPECeXLzE5LbE6+KZX54rYQnu:FyHl1icVPE7Lz8obK/4rYQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3164-144-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-145-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-146-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-151-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-153-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-155-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-157-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-159-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-162-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-168-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-178-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-180-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-182-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-184-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-186-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-188-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3164-189-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4200	3164	WerFault.exe	79

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
3164	1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe

C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe
"C:\Users\Admin\AppData\Local\Temp\1812c273ec93eb5b9ae129c8c5e65fee1882530cf07c5e31cb4470bdd91c8ac4.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 680
  2⤵
  - Program crash
  PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3164 -ip 3164
1⤵
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3164-133-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/3164-134-0x0000000003CB0000-0x0000000003CB1000-memory.dmp

Filesize
4KB

Download
memory/3164-135-0x0000000003CE0000-0x0000000003CE1000-memory.dmp

Filesize
4KB

Download
memory/3164-137-0x0000000003D00000-0x0000000003D01000-memory.dmp

Filesize
4KB

Download
memory/3164-136-0x0000000003CF0000-0x0000000003CF1000-memory.dmp

Filesize
4KB

Download
memory/3164-138-0x0000000003D10000-0x0000000003D11000-memory.dmp

Filesize
4KB

Download
memory/3164-140-0x0000000003D20000-0x0000000003D21000-memory.dmp

Filesize
4KB

Download
memory/3164-139-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/3164-141-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/3164-144-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-145-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-146-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-151-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-150-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/3164-153-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-155-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-157-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-159-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-161-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download
memory/3164-162-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-168-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-178-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-180-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-182-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-184-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-186-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-188-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-189-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3164-190-0x0000000000400000-0x0000000001E3C000-memory.dmp

Filesize
26.2MB

Download

Analysis

Sharing