2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 05:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
Size

1.8MB
MD5

0f07c80929ce5a445389beaee6f195eb
SHA1

232f454009122b8c2316e19b3d5bcc870fa1b8f3
SHA256

2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe
SHA512

55845343978bfae7a9c22f94bad68b64468c5388931cdbf46f7aff00ad88974e42188fbf5ea23493574831a57c98f69cba13a019f191389e01be01bd4c19fca8
SSDEEP

49152:azU+2lq3/pzBCJH/NYgqWklBAwku2vCCDF:q593/pzBsHTin7ku2vdF

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3812-13077-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13076-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13081-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13079-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13078-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13083-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13085-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13087-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13089-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13091-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13093-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13095-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13097-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13102-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13104-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13107-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13109-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13111-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13113-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13115-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13117-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13119-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13121-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13123-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3812-13124-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 34 IoCs

pid	Process
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
3812	2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe

C:\Users\Admin\AppData\Local\Temp\2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe
"C:\Users\Admin\AppData\Local\Temp\2822d6351f1f53bcc2d9f566dfbd15ec6fbc66a51fdb88d7f9716a50115e83fe.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3812-0-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-1-0x0000000076C90000-0x0000000076EA5000-memory.dmp

Filesize
2.1MB

Download
memory/3812-3875-0x0000000075B10000-0x0000000075CB0000-memory.dmp

Filesize
1.6MB

Download
memory/3812-5884-0x0000000076320000-0x000000007639A000-memory.dmp

Filesize
488KB

Download
memory/3812-13069-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13070-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13071-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13072-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13074-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13075-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13077-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13076-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13081-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13079-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13078-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13083-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13085-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13087-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13089-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13091-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13093-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13095-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13097-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13098-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13104-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13107-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13109-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13111-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13113-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13115-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13117-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13119-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13121-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13123-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13124-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3812-13125-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13128-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13129-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13130-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13135-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download
memory/3812-13136-0x0000000000400000-0x000000000070B000-memory.dmp

Filesize
3.0MB

Download