abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 08:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
Size

1.1MB
MD5

f473e212e03c644b64d554d164a1b3e9
SHA1

62e198af360595c64e030442c93c23e28ef75a55
SHA256

abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf
SHA512

8310cd0167ad8577e9d31d1965b4f49a4e5aed6c0eb73a49792997f03ca3e3cc147eadc8c7c6579a82903917443f8a208478d83f2c5dfb579ace0d2bf91d7353
SSDEEP

24576:7t9mzO4b0PewIUgHNN6oH9rf3s9xctqkz0xRE3tBIq8EWm:7tcFb0lIUgNooHpf30xcPzB3tBEm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2084-0-0x0000000000400000-0x00000000005BD000-memory.dmp	upx
behavioral2/memory/2084-5-0x0000000000400000-0x00000000005BD000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 5012	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	82
PID 2084 wrote to memory of 5012	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	82
PID 2084 wrote to memory of 5012	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	82
PID 2084 wrote to memory of 4248	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	101
PID 2084 wrote to memory of 4248	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	101
PID 2084 wrote to memory of 4248	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	101
PID 2084 wrote to memory of 3744	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	100
PID 2084 wrote to memory of 3744	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	100
PID 2084 wrote to memory of 3744	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	100
PID 2084 wrote to memory of 4280	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	99
PID 2084 wrote to memory of 4280	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	99
PID 2084 wrote to memory of 4280	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	99
PID 2084 wrote to memory of 216	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	98
PID 2084 wrote to memory of 216	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	98
PID 2084 wrote to memory of 216	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	98
PID 2084 wrote to memory of 3124	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	97
PID 2084 wrote to memory of 3124	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	97
PID 2084 wrote to memory of 3124	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	97
PID 2084 wrote to memory of 2512	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	96
PID 2084 wrote to memory of 2512	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	96
PID 2084 wrote to memory of 2512	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	96
PID 2084 wrote to memory of 3704	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	95
PID 2084 wrote to memory of 3704	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	95
PID 2084 wrote to memory of 3704	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	95
PID 2084 wrote to memory of 4644	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	94
PID 2084 wrote to memory of 4644	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	94
PID 2084 wrote to memory of 4644	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	94
PID 2084 wrote to memory of 1952	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	93
PID 2084 wrote to memory of 1952	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	93
PID 2084 wrote to memory of 1952	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	93
PID 2084 wrote to memory of 4220	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	92
PID 2084 wrote to memory of 4220	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	92
PID 2084 wrote to memory of 4220	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	92
PID 2084 wrote to memory of 1172	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	84
PID 2084 wrote to memory of 1172	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	84
PID 2084 wrote to memory of 1172	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	84
PID 2084 wrote to memory of 4196	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	83
PID 2084 wrote to memory of 4196	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	83
PID 2084 wrote to memory of 4196	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	83
PID 2084 wrote to memory of 3524	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	91
PID 2084 wrote to memory of 3524	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	91
PID 2084 wrote to memory of 3524	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	91
PID 2084 wrote to memory of 4252	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	90
PID 2084 wrote to memory of 4252	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	90
PID 2084 wrote to memory of 4252	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	90
PID 2084 wrote to memory of 3264	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	89
PID 2084 wrote to memory of 3264	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	89
PID 2084 wrote to memory of 3264	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	89
PID 2084 wrote to memory of 1580	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	88
PID 2084 wrote to memory of 1580	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	88
PID 2084 wrote to memory of 1580	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	88
PID 2084 wrote to memory of 1052	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	87
PID 2084 wrote to memory of 1052	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	87
PID 2084 wrote to memory of 1052	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	87
PID 2084 wrote to memory of 2424	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	86
PID 2084 wrote to memory of 2424	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	86
PID 2084 wrote to memory of 2424	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	86
PID 2084 wrote to memory of 1016	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	85
PID 2084 wrote to memory of 1016	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	85
PID 2084 wrote to memory of 1016	2084	abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe	85

C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
"C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:5012
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4196
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:1172
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:1016
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:1052
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:1580
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:3264
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4252
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:3524
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4220
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:1952
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4644
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:3704
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:2512
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:3124
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:216
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4280
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:3744
- C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  C:\Users\Admin\AppData\Local\Temp\abea5f9e66e077240949ab14bf40923371ffe248b745e754ceefd7c0466610bf.exe
  2⤵
  PID:4248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-6-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download
memory/2084-0-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download
memory/2084-1-0x0000000068CD0000-0x0000000068CDB000-memory.dmp

Filesize
44KB

Download
memory/2084-2-0x0000000000870000-0x0000000000897000-memory.dmp

Filesize
156KB

Download
memory/2084-3-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download
memory/2084-4-0x0000000002340000-0x000000000236B000-memory.dmp

Filesize
172KB

Download
memory/2084-5-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download
memory/2512-7-0x0000000000400000-0x00000000005BD000-memory.dmp

Filesize
1.7MB

Download