55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08/10/2023, 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
Size

9.0MB
MD5

c994f4e098abaa993d0d88fefb4b4e35
SHA1

6b9250a883e8ab355cba6a9ad3bd79282799f1b9
SHA256

55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd
SHA512

55cc3fcc0b0481d053c4ae05c32c3110937dcf969cfdecd028ee9ce0efe3c535f1dd9d94aed8d644ec435299b987bb1dddfec321e6d0f340c2880d2f10a30d68
SSDEEP

196608:8aODzIGC/CXxAQK0UqtNhcPA1jpJFVoiVTqVf3wu19X9DxHTqNf/XU:l8CKXWQKatNhcPmp7VXTqVft19t91

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-72-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-76-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-85-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-87-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-102-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-106-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-112-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/3064-114-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
3064	55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe

C:\Users\Admin\AppData\Local\Temp\55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe
"C:\Users\Admin\AppData\Local\Temp\55d8b0c17456219f1a4055fd44a95580fc27dceb8ba026f69f3c29c6821c47bd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\iext1.fnr.bbs.125.la

Filesize
306KB

MD5
6097a8eb959f58a4cbc6de99310bf73d

SHA1
a74a1d89a6b49b3ec2cd438cce7dcd0a217753fc

SHA256
c730eff648de62e6a2773a6ba2b5fbf6024dea0567491c77797d771fb006d387

SHA512
c6efd8741474ecf8a94ad68a60437b308532987667ec4b356b9af98b2a57e26583b130df2a71c39f3c7b56f0c6ef33efc0647b069af379ec85b6d41eef7a47c8

Download Submit
memory/3064-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3064-2-0x0000000000400000-0x0000000001511000-memory.dmp

Filesize
17.1MB

Download
memory/3064-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3064-8-0x00000000774A0000-0x00000000774A1000-memory.dmp

Filesize
4KB

Download
memory/3064-7-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-6-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/3064-5-0x0000000000400000-0x0000000001511000-memory.dmp

Filesize
17.1MB

Download
memory/3064-10-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-12-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/3064-13-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/3064-15-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/3064-17-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/3064-18-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-20-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-22-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/3064-25-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3064-27-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/3064-30-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3064-32-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/3064-35-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3064-37-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/3064-40-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/3064-42-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/3064-52-0x0000000000350000-0x0000000000353000-memory.dmp

Filesize
12KB

Download
memory/3064-51-0x0000000003AC0000-0x00000000042AD000-memory.dmp

Filesize
7.9MB

Download
memory/3064-50-0x0000000003AC0000-0x00000000042AD000-memory.dmp

Filesize
7.9MB

Download
memory/3064-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-58-0x0000000000400000-0x0000000001511000-memory.dmp

Filesize
17.1MB

Download
memory/3064-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-65-0x0000000000400000-0x0000000001511000-memory.dmp

Filesize
17.1MB

Download
memory/3064-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-72-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-76-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-79-0x0000000003AC0000-0x00000000042AD000-memory.dmp

Filesize
7.9MB

Download
memory/3064-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-83-0x0000000000350000-0x0000000000353000-memory.dmp

Filesize
12KB

Download
memory/3064-85-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-87-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-106-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-112-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-113-0x0000000075CC0000-0x0000000075DC0000-memory.dmp

Filesize
1024KB

Download
memory/3064-114-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3064-115-0x0000000075CC0000-0x0000000075DC0000-memory.dmp

Filesize
1024KB

Download