bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8

General

Target

bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
Size

3.8MB
MD5

75f0407c4a71b4fe0d2caa98276a67d2
SHA1

76a0b3187cce0cc235863856ee77c396e1d6d1d9
SHA256

bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8
SHA512

7f55faf921e371cdeec0b14b6d111bb2ec23b3903ef0cc44a4d6eea7651cba77f087ad89c8124e9d02748ef381148e61177d477de3f717388f18f2c77053a744
SSDEEP

49152:K1QmYRXWmYpk/DMU81AwFK0Q6Qi9goxx2jqLpdJ8LgqpjILJg/2obq0OEQk8:L/YU8awF7Q6bgoxEspdJipIddobqWQ

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1872-6-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-9-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-10-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-8-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-11-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-12-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-14-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-16-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-18-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-20-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-22-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-24-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-26-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-28-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-30-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-32-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-34-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-36-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-38-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-40-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-42-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-44-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-46-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-48-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-50-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-52-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx
behavioral2/memory/1872-58-0x000000001BF40000-0x000000001BF7E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
1872	bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe

C:\Users\Admin\AppData\Local\Temp\bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe
"C:\Users\Admin\AppData\Local\Temp\bd4ac1824e0e7b418eba04734ba6401bb9c926fb5a6186f3e64b29ac15d19ff8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Config.ini

Filesize
63B

MD5
575f2bf1f6361cd397703d3d09c2c61c

SHA1
119566fbe8732c4f9581ae27bc22aa7528fd6fc9

SHA256
064900e6e86c38a3580c3531a672c231d1bdd756a0cb574c96812e74b902f702

SHA512
c7fac7950e2bb846813a6f924699ff41c92bef67e730c190791ff07b44fba1a9d8ac800ee328bef633da12ce3b2d2a4432e883956dc28d0da86452dd5f737775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Config.ini

Filesize
361B

MD5
69a7b1c5a9153c6e8a205c44c370157c

SHA1
5a579791eecd10ea8753cc4b243a444b6af3da2c

SHA256
95126d372d475690bff884ed22b0d3aa82f135c715dd4c1cfbe6d7292ea757cc

SHA512
f43ece25499d1bcf37e08640d15d0ea597fb9c3a3ec20baa391df0ef46a1362e606a4f39f6dab0b17c2c395e09f4de3ec27c9d5c8cfaff9a7496e6bd272b075d

Download Submit
C:\Users\Admin\AppData\Local\Temp\HPSocket4C.dll

Filesize
2.1MB

MD5
04869ada712c189caba4822be0e81ea5

SHA1
9c45486b30e6d3ccf0737c5766796baaf58232ab

SHA256
23078015adb0cf53ebf632a895a1a224b3718174e6c2887e1bbb2d28be5e2b8b

SHA512
16f98af15583c60da0cb947ea2230f759bfa27f86ef93ef5f7ffe2adcec6c5f115f52ffa74bae6cf8add94bb6a380fa276f391619256be7a45c53bb7421fdd9c

Download Submit
memory/1872-32-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-44-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-11-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-12-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-14-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-16-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-18-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-20-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-22-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-24-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-26-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-28-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-30-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-10-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-8-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-38-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-34-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-40-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-42-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-36-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-46-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-48-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-50-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-52-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-54-0x000000001BF80000-0x000000001BF81000-memory.dmp

Filesize
4KB

Download
memory/1872-55-0x000000000C3A0000-0x000000000C3A1000-memory.dmp

Filesize
4KB

Download
memory/1872-58-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-9-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download
memory/1872-6-0x000000001BF40000-0x000000001BF7E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing