7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69

General

Target

7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
Size

2.0MB
MD5

7ef77ed53c47cae68cc8ce38399464f6
SHA1

01ed0564d507b0b6ede85f78e1042d8b7862fe85
SHA256

7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69
SHA512

59a9bad0332dc8784d4b2af81228d21c9fbe0b43284d34fdc13b4a04f142f69b4585b351ebf6d9bdb40839f92c1f2eaca4f44280561f68e37f49f554f5a6036a
SSDEEP

49152:xae9SRBOICGp8paUhJ8xb0hQ29VGRTq7y:r9SRBOIbp8IUhJqb0hQ0VGZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4856-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-4-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-16-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-18-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-20-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/4856-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{B58F601D-7BEF-4154-AF06-448CB10F8181}.catalogItem	svchost.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4856	7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
4856	7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
4856	7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
4856	7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
4856	7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:2448

C:\Users\Admin\AppData\Local\Temp\7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe
"C:\Users\Admin\AppData\Local\Temp\7f9752f144ac909eda7579d4f45d289c41c9125142f60933c08c7ded41b54e69.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4856-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-4-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-16-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-18-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-20-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/4856-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads