30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
16/08/2023, 11:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
Size

4.1MB
MD5

87378f251b50221baf2ebc5788e34cc6
SHA1

3b0e32351808b874bb8c853bf8ed77fa0d305ba8
SHA256

30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9
SHA512

3392f6af66b9bb6d2ce4ca5868eb0222edd144e2528ca2c779d4468f42972e9ca69012070501ddc2374317422b47faa50a49548d392a88d87d3d765c60798e82
SSDEEP

98304:QGFhU/E/sxrXzICSs5V6YZSYvPSTq8AAZhj:QGKE/ZHg6wS68j7j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4952-13211-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13213-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13212-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13215-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13217-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13219-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13221-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13223-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13225-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13229-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13231-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13233-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13235-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13237-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13239-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13241-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13243-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13245-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13247-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13249-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13251-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13253-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13255-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4952-13257-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\WOW6432Node\Interface\{8224C668-8596-82A8-83DC-806E31AE4817}	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\WOW6432Node\Interface\{8224C668-8596-82A8-83DC-806E31AE4817}\ = "rlDhuE6id+qDH+8JoA9h/PD8O6A5UbBJWt1SFOxCgTC82zbHq0PTtsdJ2bhLomfqeB/qCZsPn/oJ9TOgNlGgSU/dTRTnQr8uvNs2x6tD07bgyhy55GiyyzsBW0Rl8PJ/"	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
4952	30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe

C:\Users\Admin\AppData\Local\Temp\30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe
"C:\Users\Admin\AppData\Local\Temp\30818a5d73f14b8e203910666a0be769ae8e07d2e106f4ec4882b248fb240ac9.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4952-133-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-134-0x0000000076390000-0x00000000765A5000-memory.dmp

Filesize
2.1MB

Download
memory/4952-4008-0x0000000076820000-0x00000000769C0000-memory.dmp

Filesize
1.6MB

Download
memory/4952-6017-0x0000000076700000-0x000000007677A000-memory.dmp

Filesize
488KB

Download
memory/4952-13202-0x0000000002B90000-0x0000000002C90000-memory.dmp

Filesize
1024KB

Download
memory/4952-13203-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13204-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13205-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13206-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13208-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13209-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13211-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13213-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13212-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13215-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13217-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13219-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13221-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13223-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13225-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13227-0x0000000002B90000-0x0000000002C90000-memory.dmp

Filesize
1024KB

Download
memory/4952-13229-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13231-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13233-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13235-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13237-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13239-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13241-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13243-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13245-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13247-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13249-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13251-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13253-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13255-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13256-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13257-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4952-13258-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13262-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13263-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13268-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download
memory/4952-13269-0x0000000000400000-0x00000000009DC000-memory.dmp

Filesize
5.9MB

Download