63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 02:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
Size

15.6MB
MD5

229be47275ffeabba68948f0dcc627c7
SHA1

d81a7908f72929d43fa165c859db7b4cf6ad049e
SHA256

63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723
SHA512

38ffad3869aed6b4760fa62d153b39254acdd3decb72ae4a9d01b6ee51741c4515541f0d3bbc6b947791cefc481d8eb3c39f2b3d96e7795e285fe399be7532d6
SSDEEP

196608:Zp6hc0vul3Yk7ABtTPGJoKdD1oPpBmQxMma4UUKDXQKOdpOPuuQL5wA3RFWpFYGq:Kh269GixPpBmNRdTb3usADGFYe/qDR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1112-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-30-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-49-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1112-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
1112	63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe

C:\Users\Admin\AppData\Local\Temp\63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe
"C:\Users\Admin\AppData\Local\Temp\63dde9c2649bf62fd926227153b770f2681f330b259c95895e139972f4b37723.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-0-0x0000000001410000-0x0000000001411000-memory.dmp

Filesize
4KB

Download
memory/1112-1-0x00000000014E0000-0x00000000014E1000-memory.dmp

Filesize
4KB

Download
memory/1112-3-0x0000000003170000-0x0000000003171000-memory.dmp

Filesize
4KB

Download
memory/1112-4-0x0000000003180000-0x0000000003181000-memory.dmp

Filesize
4KB

Download
memory/1112-2-0x00000000014F0000-0x00000000014F1000-memory.dmp

Filesize
4KB

Download
memory/1112-5-0x0000000003190000-0x0000000003191000-memory.dmp

Filesize
4KB

Download
memory/1112-7-0x0000000000400000-0x00000000013B3000-memory.dmp

Filesize
15.7MB

Download
memory/1112-8-0x00000000031B0000-0x00000000031B1000-memory.dmp

Filesize
4KB

Download
memory/1112-6-0x00000000031A0000-0x00000000031A1000-memory.dmp

Filesize
4KB

Download
memory/1112-9-0x00000000031C0000-0x00000000031C1000-memory.dmp

Filesize
4KB

Download
memory/1112-10-0x00000000031D0000-0x00000000031D1000-memory.dmp

Filesize
4KB

Download
memory/1112-11-0x00000000031F0000-0x00000000031F1000-memory.dmp

Filesize
4KB

Download
memory/1112-13-0x0000000003210000-0x0000000003211000-memory.dmp

Filesize
4KB

Download
memory/1112-12-0x0000000003200000-0x0000000003201000-memory.dmp

Filesize
4KB

Download
memory/1112-14-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1112-15-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/1112-16-0x00000000033B0000-0x0000000003B9D000-memory.dmp

Filesize
7.9MB

Download
memory/1112-23-0x00000000033B0000-0x0000000003B9D000-memory.dmp

Filesize
7.9MB

Download
memory/1112-24-0x00000000033B0000-0x0000000003B9D000-memory.dmp

Filesize
7.9MB

Download
memory/1112-27-0x00000000033B0000-0x0000000003B9D000-memory.dmp

Filesize
7.9MB

Download
memory/1112-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-30-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-49-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-48-0x0000000000400000-0x00000000013B3000-memory.dmp

Filesize
15.7MB

Download
memory/1112-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-54-0x00000000033B0000-0x0000000003B9D000-memory.dmp

Filesize
7.9MB

Download
memory/1112-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1112-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download