c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23-08-2023 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Size

2.2MB
MD5

e983f1c4b8d76731a178cf4a128eb41a
SHA1

29d5d4b93699c89d028bd24fb8d87951db997812
SHA256

c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c
SHA512

7008cdeb34d688640ae06139f2f5d035878342a8a86ceae25b5a2b693d04ffdad8f3fc5a66821a3ad4966aa3f010f773f8cafdb1fcb1aa625e6e03cfe0ce28b9
SSDEEP

24576:Bs9oJL9ObEtIICtDCcKSnzk7X/wsCRjuF50u1aHeTU3ox5iOmYHc3HbyplKYtl+q:BABBKFAo5rU3CrmYQmpL+0QC9rj+q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1376-5-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-8-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-9-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-7-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-10-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-11-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-13-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-15-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-18-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-20-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-23-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-27-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-30-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-25-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-32-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-34-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-36-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-38-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-42-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-40-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-46-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-44-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-49-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-52-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-54-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-57-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-58-0x0000000000360000-0x000000000039E000-memory.dmp	upx
behavioral1/memory/1376-59-0x0000000000360000-0x000000000039E000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 1	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeCreateTokenPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeAssignPrimaryTokenPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeLockMemoryPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeIncreaseQuotaPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeMachineAccountPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeTcbPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeSecurityPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeTakeOwnershipPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeLoadDriverPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeSystemProfilePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeSystemtimePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeProfSingleProcessPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeIncBasePriorityPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeCreatePagefilePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeCreatePermanentPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeBackupPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeRestorePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeShutdownPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeDebugPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeAuditPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeSystemEnvironmentPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeChangeNotifyPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeRemoteShutdownPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeUndockPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeSyncAgentPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeEnableDelegationPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeManageVolumePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeImpersonatePrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: SeCreateGlobalPrivilege	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 31	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 32	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 33	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 34	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 35	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 36	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 37	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 38	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 39	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 40	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 41	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 42	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 43	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 44	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 45	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 46	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 47	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
Token: 48	1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
1376	c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe

C:\Users\Admin\AppData\Local\Temp\c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe
"C:\Users\Admin\AppData\Local\Temp\c26c282ef95856bc3bda4d3f0b0b0434401dc541471456c1e8c3f6d1b057196c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-3-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1376-4-0x00000000023F0000-0x00000000024F1000-memory.dmp

Filesize
1.0MB

Download
memory/1376-5-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-8-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-9-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-7-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-10-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-11-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-13-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-15-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-18-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-20-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-23-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-27-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-30-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-29-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1376-25-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-32-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-34-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-36-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-38-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-42-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-40-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-46-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-44-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-49-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-52-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-54-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-57-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-58-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download
memory/1376-59-0x0000000000360000-0x000000000039E000-memory.dmp

Filesize
248KB

Download