8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 09:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Size

2.8MB
MD5

2d6fb1cf8b978a030b437d99984ef559
SHA1

71b69884675c439269708159fa8dd18855889355
SHA256

8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413
SHA512

b8d119369ed7593bf9cb1531777c88d499b25f57fb11b844a445e6aad210c53395f41c91dac7f1880ae1ac2f1fdb0915f8aab2951b474577e4bf5f35a02b6373
SSDEEP

24576:KxC9v5fj1npuOV/6QCRkbpEVK8vDA2b2lkM2HvLhBnFN6O3PLpJ2SfpLGc:Ko5fJnl/6QCYPOqlkMMSOfyUpLGc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1980-0-0x0000000000400000-0x0000000000964000-memory.dmp	upx
behavioral1/memory/1980-1-0x0000000000400000-0x0000000000964000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1980	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node\Interface\{19335D77-1E2D-1337-146B-19F5CABF57A8}	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Key created	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Key created	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node\Interface	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node\Interface\{19335D77-1E2D-1337-146B-19F5CABF57A8}\ = "CL0sQ74XTKtEXuQYacw7JruEyVnJqHbuKrpfT8oT+qAPapkQafBmASG2JEO+FzGrO16tGFnMQiXUfcFZyahb7iG6KE+6EwGfD2qZEGnwZgEVpLEE0opUGTJL/dQB1sMq"	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node\Interface\{19335D77-1E2D-1337-146B-19F5CABF57A8}\ = "CL0sQ74XTKtEXuQYacw7JruEyVnJqHbuKrpfT8oT+qAQapkQafBmASG2JEO+FzGrO16tGFnMQiXUfcFZyahb7iG6KE+6EwGfD2qZEGnwZgHjmb4BhLeQJE2VgBlMujUz"	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4219371764-2579186923-3390623117-1000_CLASSES\Wow6432Node\Interface\{19335D77-1E2D-1337-146B-19F5CABF57A8}\ = "CL0sQ74XTKtEXuQYacw7JruEyVnJqHbuKrpfT8oTKKEQapkQafBmASG2JEO+FzGrO16tGFnMQiXUfcFZyahb7iG6KE+6EwGfD2qZEGnwZgFr69EVaeMJYlsOXO7/xfsF"	8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe

C:\Users\Admin\AppData\Local\Temp\8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe
"C:\Users\Admin\AppData\Local\Temp\8e953abf4b7b57507971c996ce6925bd78a4e849bee4964687ee343acd45e413.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1980-0-0x0000000000400000-0x0000000000964000-memory.dmp

Filesize
5.4MB

Download
memory/1980-1-0x0000000000400000-0x0000000000964000-memory.dmp

Filesize
5.4MB

Download