b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b

Analysis

max time kernel
126s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 05:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
Size

5.8MB
MD5

bd7482ffc47c05b4c731322b9fa62c67
SHA1

cf7910079aa2513067ac379972a9be0c112db286
SHA256

b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b
SHA512

04082f1ebe683184030290a9408b6d62e8d59e1c972d68fd596f676972bc4e8c62227eff4f317f0ea95a8a5a1234a3d8cfd869d6675645985182740e07cabd00
SSDEEP

98304:3xCojsELPGclkAvLkTADpFfqOrdBRg9/4erapH2QxGdourWZsH62lQfF4M8:EovGSgTQfqO5EZ4ervgkD6yH9+fC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/392-145-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-149-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-148-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-151-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-150-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-154-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-156-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-158-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-161-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-164-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-166-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-170-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-172-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-174-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-176-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-178-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-180-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-182-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-184-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-186-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-188-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-190-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-192-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-194-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-196-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/392-197-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1043950675-1972537973-2972532878-1000_Classes\Local Settings	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
392	b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
4948	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe
"C:\Users\Admin\AppData\Local\Temp\b320d1ae3d0b857e993eef093010593c3a38fc1004c2ae2838651f19e5e6e62b.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/392-133-0x0000000000400000-0x0000000000E95000-memory.dmp

Filesize
10.6MB

Download
memory/392-134-0x0000000000EB0000-0x0000000000EB1000-memory.dmp

Filesize
4KB

Download
memory/392-135-0x0000000000EE0000-0x0000000000EE1000-memory.dmp

Filesize
4KB

Download
memory/392-136-0x00000000014A0000-0x00000000014A1000-memory.dmp

Filesize
4KB

Download
memory/392-137-0x00000000014B0000-0x00000000014B1000-memory.dmp

Filesize
4KB

Download
memory/392-138-0x00000000014C0000-0x00000000014C1000-memory.dmp

Filesize
4KB

Download
memory/392-139-0x00000000014D0000-0x00000000014D1000-memory.dmp

Filesize
4KB

Download
memory/392-141-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/392-140-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/392-142-0x0000000000400000-0x0000000000E95000-memory.dmp

Filesize
10.6MB

Download
memory/392-145-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-149-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-148-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-151-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-150-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-154-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-156-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-158-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-161-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-164-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-166-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-167-0x0000000000400000-0x0000000000E95000-memory.dmp

Filesize
10.6MB

Download
memory/392-170-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-172-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-174-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-176-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-178-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-180-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-182-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-184-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-186-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-188-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-190-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-192-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-194-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-196-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-197-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/392-198-0x0000000000400000-0x0000000000E95000-memory.dmp

Filesize
10.6MB

Download