8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99

General

Target

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
Size

10.7MB
MD5

634349fc4afeaaab1e051cd4c4d0dcbe
SHA1

a9a29d573d28d191d40588e94067f766ced02a71
SHA256

8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99
SHA512

8d1b383bc41999628ef475be444f429ef38e05a91da18c9ec3ca16e562dd7dcd208c0b21af89bc560b9a64f199adefef7ea8d66097bbec56bbe688ecc99b0020
SSDEEP

196608:9yn9Q6Qfx86hAq7jDNhWVz36YJVRiFXwXw9Jzdm3W33/33W33X3J3d3rfFaENA+4:9S9Q6sx8CfDNhWJ36Yt/MENAv

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2536-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/2536-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral2/memory/2536-4-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect
behavioral2/memory/2536-30-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect
behavioral2/memory/2536-58-0x0000000000400000-0x000000000189D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
2536	8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe

C:\Users\Admin\AppData\Local\Temp\8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe
"C:\Users\Admin\AppData\Local\Temp\8b57cb190283e573b858ac04de95744e997fabe7012a0c2ffc4704131afbbf99.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2536-0-0x0000000001990000-0x0000000001991000-memory.dmp

Filesize
4KB

Download
memory/2536-1-0x0000000001E70000-0x0000000001E71000-memory.dmp

Filesize
4KB

Download
memory/2536-2-0x0000000001E80000-0x0000000001E81000-memory.dmp

Filesize
4KB

Download
memory/2536-4-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download
memory/2536-3-0x0000000001EC0000-0x0000000001EC1000-memory.dmp

Filesize
4KB

Download
memory/2536-5-0x0000000001ED0000-0x0000000001ED1000-memory.dmp

Filesize
4KB

Download
memory/2536-6-0x0000000001EE0000-0x0000000001EE1000-memory.dmp

Filesize
4KB

Download
memory/2536-7-0x0000000001EF0000-0x0000000001EF1000-memory.dmp

Filesize
4KB

Download
memory/2536-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-30-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download
memory/2536-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2536-58-0x0000000000400000-0x000000000189D000-memory.dmp

Filesize
20.6MB

Download

Analysis

Sharing