c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
24-09-2023 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Size

1.8MB
MD5

3b18289f6233e9cbab26070663d4c74a
SHA1

ff716a938db93c024b359ba46e6a496b059c2052
SHA256

c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53
SHA512

8b889dc42accf5703ecc382b3ccece65ac0c2b9ec0e312d6e16e401fa509657adab5feb6941c136705fe97021580cb2c92fde0872a4b3a723721efd052821992
SSDEEP

24576:VWf9dk2hr35g+amZeKKLjvcd+OkkeWXY4HuqF7XOVaRsbgplKYtl+dLr40Q5xRZX:ViI+mchXY4Ooa8+MpL+tQh+o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1756-8-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-9-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-11-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-13-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-10-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-15-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-18-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-22-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-20-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-24-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-26-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-30-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-34-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-32-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-38-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-40-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-36-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-42-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-44-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-46-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-48-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-51-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-53-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-55-0x0000000000610000-0x000000000064E000-memory.dmp	upx
behavioral1/memory/1756-66-0x0000000000610000-0x000000000064E000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 1	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreateTokenPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeAssignPrimaryTokenPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeLockMemoryPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeIncreaseQuotaPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeMachineAccountPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeTcbPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSecurityPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeTakeOwnershipPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeLoadDriverPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemProfilePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemtimePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeProfSingleProcessPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeIncBasePriorityPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreatePagefilePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreatePermanentPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeBackupPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeRestorePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeShutdownPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeDebugPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeAuditPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemEnvironmentPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeChangeNotifyPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeRemoteShutdownPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeUndockPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSyncAgentPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeEnableDelegationPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeManageVolumePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeImpersonatePrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreateGlobalPrivilege	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 31	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 32	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 33	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 34	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 35	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 36	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 37	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 38	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 39	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 40	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 41	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 42	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 43	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 44	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 45	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 46	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 47	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 48	1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
1756	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe

C:\Users\Admin\AppData\Local\Temp\c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
"C:\Users\Admin\AppData\Local\Temp\c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-3-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1756-7-0x0000000002470000-0x0000000002571000-memory.dmp

Filesize
1.0MB

Download
memory/1756-8-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-9-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-11-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-13-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-10-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-15-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-18-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-22-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-20-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-24-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-26-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-28-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1756-30-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-34-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-32-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-38-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-40-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-36-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-42-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-44-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-46-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-48-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-51-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-53-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-55-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-56-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/1756-57-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/1756-58-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/1756-59-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/1756-60-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/1756-61-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/1756-62-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/1756-63-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/1756-65-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1756-64-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/1756-66-0x0000000000610000-0x000000000064E000-memory.dmp

Filesize
248KB

Download
memory/1756-67-0x0000000000700000-0x0000000000701000-memory.dmp

Filesize
4KB

Download
memory/1756-68-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/1756-69-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/1756-70-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/1756-71-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/1756-72-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/1756-73-0x0000000001F90000-0x0000000001F91000-memory.dmp

Filesize
4KB

Download
memory/1756-74-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/1756-75-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1756-76-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1756-77-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download