f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a

Analysis

max time kernel
140s
max time network
128s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
28/08/2023, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Size

2.0MB
MD5

e2ebd0443ceec9ab9dadd42bfe955584
SHA1

8f31c83c1fdce3ec72c84e94be9dc8fee1d4d8cf
SHA256

f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a
SHA512

33427f4378bbfa46079da5dc37b2a6037758eaa6839ecd4698b560187aab500160bdd3b10a750504834135441e353677a099f2c866fc39e2a726073fe0b9b3f4
SSDEEP

49152:MMBNaRrIsujtWtVyPQmHXU2jsckQQP8ORQbWztiJ:q5tatWqo6JIEQP8gzI

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1460-11-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-10-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-9-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-14-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-16-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-18-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-20-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-22-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-24-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-26-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-33-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-28-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-35-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-37-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-39-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-41-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-43-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-45-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-47-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-49-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-51-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-53-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-55-0x0000000000970000-0x00000000009AE000-memory.dmp	upx
behavioral1/memory/1460-58-0x0000000000970000-0x00000000009AE000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 1	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeCreateTokenPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeAssignPrimaryTokenPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeLockMemoryPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeIncreaseQuotaPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeMachineAccountPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeTcbPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeSecurityPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeTakeOwnershipPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeLoadDriverPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeSystemProfilePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeSystemtimePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeProfSingleProcessPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeIncBasePriorityPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeCreatePagefilePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeCreatePermanentPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeBackupPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeRestorePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeShutdownPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeDebugPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeAuditPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeSystemEnvironmentPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeChangeNotifyPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeRemoteShutdownPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeUndockPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeSyncAgentPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeEnableDelegationPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeManageVolumePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeImpersonatePrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: SeCreateGlobalPrivilege	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 31	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 32	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 33	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 34	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 35	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 36	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 37	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 38	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 39	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 40	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 41	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 42	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 43	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 44	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 45	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 46	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 47	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
Token: 48	1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
1460	f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe

C:\Users\Admin\AppData\Local\Temp\f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe
"C:\Users\Admin\AppData\Local\Temp\f76d0567e475b47b23481f08d83ee61df715f6af56913310c732384e7a33289a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1460-0-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-7-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1460-12-0x0000000002B80000-0x0000000002C81000-memory.dmp

Filesize
1.0MB

Download
memory/1460-11-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-10-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-9-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-14-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-16-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-18-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-20-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-22-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-24-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-26-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-29-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-31-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1460-33-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-28-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-35-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-37-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-39-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-41-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-43-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-45-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-47-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-49-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-51-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-53-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-55-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-58-0x0000000000970000-0x00000000009AE000-memory.dmp

Filesize
248KB

Download
memory/1460-63-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-64-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-65-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-66-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-67-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-68-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-69-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-70-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-71-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-72-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-73-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-74-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-75-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download
memory/1460-76-0x0000000000400000-0x00000000008F9000-memory.dmp

Filesize
5.0MB

Download