c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
24/09/2023, 00:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Size

1.8MB
MD5

3b18289f6233e9cbab26070663d4c74a
SHA1

ff716a938db93c024b359ba46e6a496b059c2052
SHA256

c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53
SHA512

8b889dc42accf5703ecc382b3ccece65ac0c2b9ec0e312d6e16e401fa509657adab5feb6941c136705fe97021580cb2c92fde0872a4b3a723721efd052821992
SSDEEP

24576:VWf9dk2hr35g+amZeKKLjvcd+OkkeWXY4HuqF7XOVaRsbgplKYtl+dLr40Q5xRZX:ViI+mchXY4Ooa8+MpL+tQh+o

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1048-7-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-8-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-9-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-12-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-10-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-14-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-16-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-18-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-20-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-22-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-24-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-26-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-30-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-32-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-34-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-36-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-38-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-40-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-42-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-44-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-46-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-48-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-50-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-52-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-53-0x00000000025E0000-0x000000000261E000-memory.dmp	upx
behavioral2/memory/1048-62-0x00000000025E0000-0x000000000261E000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 1	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreateTokenPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeAssignPrimaryTokenPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeLockMemoryPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeIncreaseQuotaPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeMachineAccountPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeTcbPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSecurityPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeTakeOwnershipPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeLoadDriverPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemProfilePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemtimePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeProfSingleProcessPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeIncBasePriorityPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreatePagefilePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreatePermanentPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeBackupPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeRestorePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeShutdownPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeDebugPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeAuditPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSystemEnvironmentPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeChangeNotifyPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeRemoteShutdownPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeUndockPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeSyncAgentPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeEnableDelegationPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeManageVolumePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeImpersonatePrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: SeCreateGlobalPrivilege	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 31	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 32	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 33	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 34	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 35	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 36	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 37	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 38	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 39	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 40	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 41	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 42	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 43	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 44	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 45	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 46	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 47	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
Token: 48	1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
1048	c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe

C:\Users\Admin\AppData\Local\Temp\c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe
"C:\Users\Admin\AppData\Local\Temp\c38f853793994f396e0883c01eccccae416595267071537ad6dede417254ba53.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1048-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1048-7-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-8-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-9-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-12-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-10-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-14-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-16-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-18-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-20-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-22-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-24-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-26-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-28-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/1048-30-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-32-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-34-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-36-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-38-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-40-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-42-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-44-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-46-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-48-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-50-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-52-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-53-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-54-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/1048-56-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/1048-55-0x0000000002720000-0x0000000002721000-memory.dmp

Filesize
4KB

Download
memory/1048-57-0x0000000002770000-0x0000000002771000-memory.dmp

Filesize
4KB

Download
memory/1048-58-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1048-59-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/1048-60-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/1048-61-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/1048-62-0x00000000025E0000-0x000000000261E000-memory.dmp

Filesize
248KB

Download
memory/1048-64-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/1048-63-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/1048-65-0x0000000002940000-0x0000000002941000-memory.dmp

Filesize
4KB

Download
memory/1048-66-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/1048-67-0x0000000002710000-0x0000000002711000-memory.dmp

Filesize
4KB

Download
memory/1048-68-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/1048-69-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/1048-70-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/1048-71-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/1048-72-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/1048-73-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/1048-74-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download
memory/1048-75-0x0000000002730000-0x0000000002731000-memory.dmp

Filesize
4KB

Download