a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55

General

Target

a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
Size

12.7MB
MD5

9444075b246f9dea48bb792538a5c7e4
SHA1

480006e2975d896f0d2cee0e0f8f3420e4a2b685
SHA256

a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55
SHA512

f41126270d47d5c4fea1f339d022cfca782d2f0f1aa6de63c6f4cd2f7dc125575c1ce7d4e935e0540a9450c3870c8531d795c7f4d7cf4ff83f0c16832ee25a03
SSDEEP

393216:MLECT6ZwZv+6aDDQnje2lt+ttbcknEP72yyo:MLECuALUQnjepMknE6y

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-40-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-41-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-42-0x0000000003DE0000-0x0000000004381000-memory.dmp	upx
behavioral1/memory/2412-43-0x0000000003DE0000-0x0000000004381000-memory.dmp	upx
behavioral1/memory/2412-44-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-45-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-46-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-47-0x0000000010000000-0x00000000105A1000-memory.dmp	upx
behavioral1/memory/2412-48-0x0000000003DE0000-0x0000000004381000-memory.dmp	upx
behavioral1/memory/2412-52-0x0000000010000000-0x00000000105A1000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2412-5-0x0000000000400000-0x0000000001CCB000-memory.dmp	vmprotect
behavioral1/memory/2412-50-0x0000000000400000-0x0000000001CCB000-memory.dmp	vmprotect
behavioral1/memory/2412-51-0x0000000000400000-0x0000000001CCB000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
2412	a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe

C:\Users\Admin\AppData\Local\Temp\a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe
"C:\Users\Admin\AppData\Local\Temp\a14fa5213503eea57c993ec7db09625d1a46fa7c4ebf0b6f161017938b5f5e55.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2412-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2412-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2412-5-0x0000000000400000-0x0000000001CCB000-memory.dmp

Filesize
24.8MB

Download
memory/2412-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2412-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2412-8-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2412-10-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2412-13-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2412-15-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2412-18-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2412-20-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2412-23-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2412-25-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/2412-28-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2412-30-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2412-31-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2412-33-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2412-36-0x0000000077400000-0x0000000077401000-memory.dmp

Filesize
4KB

Download
memory/2412-35-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2412-40-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-41-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-42-0x0000000003DE0000-0x0000000004381000-memory.dmp

Filesize
5.6MB

Download
memory/2412-43-0x0000000003DE0000-0x0000000004381000-memory.dmp

Filesize
5.6MB

Download
memory/2412-44-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-45-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-46-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-47-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download
memory/2412-48-0x0000000003DE0000-0x0000000004381000-memory.dmp

Filesize
5.6MB

Download
memory/2412-49-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2412-50-0x0000000000400000-0x0000000001CCB000-memory.dmp

Filesize
24.8MB

Download
memory/2412-51-0x0000000000400000-0x0000000001CCB000-memory.dmp

Filesize
24.8MB

Download
memory/2412-52-0x0000000010000000-0x00000000105A1000-memory.dmp

Filesize
5.6MB

Download

Analysis

Sharing