5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5

General

Target

5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe
Size

3.1MB
MD5

c85adeb3ee700b59b5d6c72d0f44b82d
SHA1

b714efd1b435dde165e3818ede5713e2c6a270c2
SHA256

5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5
SHA512

eb36831a13a8972431c6c49771e4e49f39b5258d9f0864e8805f8a952d5e83152323183c2495aa15bb719d58271ab0bed6080a586e78eba4c084a41e9c71059d
SSDEEP

98304:QYR+qLAgJ1eOVlxABnqlIfLjTgf+hVpUBZ24HZGI3fT0JMKeMigqN24Ie+dFdAtu:QYR+qLAgJ1eOVlxA5qlIfLjTgf+hVpUO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1492-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-78-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-96-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1492-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1492	5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1492	5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe
1492	5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe
1492	5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe

C:\Users\Admin\AppData\Local\Temp\5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe
"C:\Users\Admin\AppData\Local\Temp\5edff32e0c72ef3a0b1523a6c552881bb5328d861e56f81625d218b0fe7b52a5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1492-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-78-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-96-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1492-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing