3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1

Analysis

max time kernel
140s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09/10/2023, 13:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
Size

5.6MB
MD5

70a166b354118b528fdc8ba8dcc996fa
SHA1

c2ad276b7c79a568fcb75a35004643f5ce1eb635
SHA256

3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1
SHA512

e9daea9073f90cdf611a1ce3ffb25df3013d656d4a6562eb607bd48c44f24d25d9b40a3e359db76a994875fd2d31c5b83798c35a99ebbae74dc3073c253eeb17
SSDEEP

98304:/OOs+TojCqE6yKqOXjYjjVKuG6bRdM9uXrx7I3jz9IO1yQczCEjD:/BsqohrynKa8gFqMIlxgBD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-8695-0x00000000002E0000-0x00000000002EB000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	2000	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2800	2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe	30
PID 2000 wrote to memory of 2800	2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe	30
PID 2000 wrote to memory of 2800	2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe	30
PID 2000 wrote to memory of 2800	2000	3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe	30

C:\Users\Admin\AppData\Local\Temp\3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe
"C:\Users\Admin\AppData\Local\Temp\3781b4bebbd51a6c62ac18475327f8dadec76dfc7f8544b554e2a96f3712abd1.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 408
  2⤵
  - Program crash
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-0-0x0000000000400000-0x0000000000D96000-memory.dmp

Filesize
9.6MB

Download
memory/2000-1-0x0000000077580000-0x00000000775C7000-memory.dmp

Filesize
284KB

Download
memory/2000-812-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-811-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-814-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-816-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-818-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-820-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-822-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-824-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-826-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-828-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-830-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-832-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-834-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-836-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-838-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-840-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-844-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-842-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-846-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-848-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-850-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-852-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-856-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-854-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-858-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-862-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-860-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-864-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-866-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-868-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-872-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-870-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-2547-0x0000000002790000-0x0000000002911000-memory.dmp

Filesize
1.5MB

Download
memory/2000-8686-0x0000000002A60000-0x0000000002B71000-memory.dmp

Filesize
1.1MB

Download
memory/2000-8694-0x0000000000400000-0x0000000000D96000-memory.dmp

Filesize
9.6MB

Download
memory/2000-8695-0x00000000002E0000-0x00000000002EB000-memory.dmp

Filesize
44KB

Download
memory/2000-8697-0x0000000000400000-0x0000000000D96000-memory.dmp

Filesize
9.6MB

Download