d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2023 21:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
Size

4.1MB
MD5

cf366d4af1e18e1541786132cf183394
SHA1

cf7a0246407b9bed2ed24a65600191022029a4fb
SHA256

d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d
SHA512

7d4bb2f94730f150debd6274ab1ca843e9f051311b301e746c9eebcfbe6736e4d2e99ec7b384a9e208e4ed291063a7f4197544dbed4a581359abfb6ecbcfc3df
SSDEEP

98304:LYpWsdG6eBa9nu8tP3+bGkj3Mfa8pfkUCMx:0pWclIqeGkwfa8p/CMx

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3760-13212-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13213-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13214-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13215-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13217-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13219-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13221-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13225-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13227-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13229-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13232-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13234-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13236-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13238-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13240-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13242-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13244-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13246-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13248-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13250-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13252-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13254-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13256-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13258-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3760-13259-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\WOW6432Node\Interface\{E08224C6-E734-EC46-E57A-E20C5308E6B9}	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-618519468-4027732583-1827558364-1000_Classes\WOW6432Node\Interface\{E08224C6-E734-EC46-E57A-E20C5308E6B9}\ = "iyi50CTB+2IFl2+MKKcFVIhNWthPKe060TWyzEOafCi00y763FvLrqQhsdAjweZi8JdijCSnN1KhRlLYTinYOrw1pcw/mq4mtNMu+txby66kOkUAYUHpv2aNXgIGRC6y"	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
3760	d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe

C:\Users\Admin\AppData\Local\Temp\d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe
"C:\Users\Admin\AppData\Local\Temp\d09458edccd0655280a54d1818ac70ca726f3db3d5ad45e2cae1b6b404a32b5d.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3760-133-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-134-0x00000000762D0000-0x00000000764E5000-memory.dmp

Filesize
2.1MB

Download
memory/3760-4008-0x00000000764F0000-0x0000000076690000-memory.dmp

Filesize
1.6MB

Download
memory/3760-6017-0x0000000075EB0000-0x0000000075F2A000-memory.dmp

Filesize
488KB

Download
memory/3760-13202-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13203-0x0000000002770000-0x0000000002870000-memory.dmp

Filesize
1024KB

Download
memory/3760-13205-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13204-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13206-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13208-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13209-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13210-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13212-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13213-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13214-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13215-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13217-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13219-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13221-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13223-0x0000000002770000-0x0000000002870000-memory.dmp

Filesize
1024KB

Download
memory/3760-13225-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13227-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13230-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13229-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13232-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13234-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13236-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13238-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13240-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13242-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13244-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13246-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13248-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13250-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13252-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13254-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13256-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13258-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13259-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3760-13260-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13263-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13264-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13269-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download
memory/3760-13270-0x0000000000400000-0x00000000009EF000-memory.dmp

Filesize
5.9MB

Download