139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/08/2023, 19:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Size

2.5MB
MD5

20480407ce392371a75b33fee0fe056a
SHA1

1878033c58405ac09a8571a91a118cca3fdced58
SHA256

139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee
SHA512

3554f60d335ad2bed83cf25876aaaa43f830ea77d5e850090c0722dcb9fa5f8d8bfee7e964d65591ab7b2afd39541b4854ee5687aa1c66478fb1dbd26189561b
SSDEEP

49152:T5ZYIWoojdD4XPRI0NZe5UdBoVWChAQUb:DYfoohIRIAZEUdgC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-62-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-68-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-67-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-65-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-64-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-66-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-70-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-72-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-75-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-77-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-79-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-83-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-81-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-87-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-89-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-93-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-91-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-96-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-98-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-102-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-100-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-105-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-107-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-109-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-111-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-113-0x00000000028F0000-0x000000000292E000-memory.dmp	upx
behavioral1/memory/1924-116-0x00000000028F0000-0x000000000292E000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 1	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeCreateTokenPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeAssignPrimaryTokenPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeLockMemoryPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeIncreaseQuotaPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeMachineAccountPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeTcbPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeSecurityPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeTakeOwnershipPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeLoadDriverPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeSystemProfilePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeSystemtimePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeProfSingleProcessPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeIncBasePriorityPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeCreatePagefilePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeCreatePermanentPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeBackupPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeRestorePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeShutdownPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeDebugPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeAuditPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeSystemEnvironmentPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeChangeNotifyPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeRemoteShutdownPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeUndockPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeSyncAgentPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeEnableDelegationPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeManageVolumePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeImpersonatePrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: SeCreateGlobalPrivilege	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 31	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 32	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 33	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 34	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 35	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 36	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 37	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 38	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 39	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 40	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 41	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 42	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 43	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 44	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 45	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 46	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 47	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
Token: 48	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2416	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe	28
PID 1924 wrote to memory of 2416	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe	28
PID 1924 wrote to memory of 2416	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe	28
PID 1924 wrote to memory of 2416	1924	139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe	28

C:\Users\Admin\AppData\Local\Temp\139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe
"C:\Users\Admin\AppData\Local\Temp\139734ce126ff44843dbc2d65d745932d0917a2a8804475bb074fedcd1371eee.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\Notepad.exe
  Notepad C:\Users\Admin\AppData\Local\Temp\Ê¹ÓÃËµÃ÷.txt
  2⤵
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ê¹ÓÃËµÃ÷.txt

Filesize
2KB

MD5
fd2a1691e062c7d209ee082e34c33822

SHA1
dec2e12a9b469595cd61daae88ca2133e1e21557

SHA256
0afca7857edabdb55fbe7ea5bea593e899f27333419f943e4c6553c9beb04889

SHA512
d68471b749ea2fcb5d7d985d0e3a4b5d0073748b346ea231a62f18aafc4c01bd313dbeb58473f3262728d204498b79d9bea795f451db6e7cebab343df3765a08

Download Submit
memory/1924-81-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-98-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-68-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-67-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-65-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-64-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-66-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-70-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-72-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-75-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-77-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-79-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-83-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-54-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1924-62-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-87-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-100-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-93-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-91-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-96-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-89-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-102-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-85-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1924-105-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-107-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-109-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-111-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-113-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download
memory/1924-61-0x0000000002790000-0x0000000002891000-memory.dmp

Filesize
1.0MB

Download
memory/1924-116-0x00000000028F0000-0x000000000292E000-memory.dmp

Filesize
248KB

Download