8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 13:35 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
Size

10.7MB
MD5

634349fc4afeaaab1e051cd4c4d0dcbe
SHA1

a9a29d573d28d191d40588e94067f766ced02a71
SHA256

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99
SHA512

8d1b383bc41999628ef475be444f429ef38e05a91da18c9ec3ca16e562dd7dcd208c0b21af89bc560b9a64f199adefef7ea8d66097bbec56bbe688ecc99b0020
SSDEEP

196608:9yn9Q6Qfx86hAq7jDNhWVz36YJVRiFXwXw9Jzdm3W33/33W33X3J3d3rfFaENA+4:9S9Q6sx8CfDNhWJ36Yt/MENAv

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2536-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2536-4-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect
behavioral2/memory/2536-30-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect
behavioral2/memory/2536-58-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

C:\Users\Admin\AppData\Local\Temp\8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
"C:\Users\Admin\AppData\Local\Temp\8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2536

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

17.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

17.160.190.20.in-addr.arpa

IN PTR

Response
DNS

121.208.253.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

121.208.253.8.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

195.233.44.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.233.44.23.in-addr.arpa

IN PTR

Response

195.233.44.23.in-addr.arpa

IN PTR

a23-44-233-195deploystaticakamaitechnologiescom
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

bbs.125.la

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

Remote address:

8.8.8.8:53

Request

bbs.125.la

IN A

Response

bbs.125.la

IN A

116.62.169.10
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

1.202.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

1.202.248.87.in-addr.arpa

IN PTR

Response

1.202.248.87.in-addr.arpa

IN PTR

https-87-248-202-1amsllnwnet
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

27.73.42.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

27.73.42.20.in-addr.arpa

IN PTR

Response

116.62.169.10:443

bbs.125.la

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

52 B
1

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

17.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

17.160.190.20.in-addr.arpa
8.8.8.8:53

121.208.253.8.in-addr.arpa

dns

72 B
126 B
1
1

DNS Request

121.208.253.8.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

195.233.44.23.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

195.233.44.23.in-addr.arpa
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

bbs.125.la

dns

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

56 B
72 B
1
1

DNS Request

bbs.125.la

DNS Response

116.62.169.10
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

1.202.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

1.202.248.87.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

27.73.42.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

27.73.42.20.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2536-0-0x0000000001990000-0x0000000001991000-memory.dmp

Filesize
4KB

Download
memory/2536-1-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2536-2-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/2536-4-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download
memory/2536-3-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/2536-5-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2536-6-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2536-7-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2536-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-30-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download
memory/2536-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-58-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.