54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
17-08-2023 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe
Size

12.8MB
MD5

473b137483163504eb641a459f77804c
SHA1

ebfe3fff92f5a83f153d9a07b3519a701f2f616c
SHA256

54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa
SHA512

1f4086e950faeb8a9daa473a23b75c90c179278570d4f9328aa798407e9e937f7c65d24c93a0abe0cccc223c70c768607c8ec5745eeb5d0b4a1b509fcba9bb7d
SSDEEP

196608:gDez05ENt5Qd7Hq3/0cvnOoINZsThdCb1nwg5nfGkOtwqZ1M8EaTcnKnIf3oad:1t59/T/OoRChnl5n8t1ZDTcnKIf3Z

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-101-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-105-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-103-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-107-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-109-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-111-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-114-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-120-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-118-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-116-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1152-139-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2844	1152	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe
1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2844	1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe	28
PID 1152 wrote to memory of 2844	1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe	28
PID 1152 wrote to memory of 2844	1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe	28
PID 1152 wrote to memory of 2844	1152	54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe	28

C:\Users\Admin\AppData\Local\Temp\54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe
"C:\Users\Admin\AppData\Local\Temp\54f052bdf6e1050d7ab734d0a644d8f0778f75f6127c2b1e4f40804d3eff1caa.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 324
  2⤵
  - Program crash
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1152-53-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1152-56-0x0000000000400000-0x0000000001E39000-memory.dmp

Filesize
26.2MB

Download
memory/1152-55-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1152-58-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1152-59-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1152-62-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1152-61-0x0000000000400000-0x0000000001E39000-memory.dmp

Filesize
26.2MB

Download
memory/1152-64-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1152-67-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1152-69-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1152-72-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1152-74-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1152-77-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1152-79-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1152-82-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1152-84-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1152-85-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1152-87-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1152-89-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1152-93-0x0000000000400000-0x0000000001E39000-memory.dmp

Filesize
26.2MB

Download
memory/1152-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-98-0x0000000000400000-0x0000000001E39000-memory.dmp

Filesize
26.2MB

Download
memory/1152-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-105-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-103-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-107-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-109-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-112-0x0000000000400000-0x0000000001E39000-memory.dmp

Filesize
26.2MB

Download
memory/1152-111-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-114-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-120-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-118-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-116-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1152-139-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download