a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
10/10/2023, 04:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
Size

15.9MB
MD5

99a35e3fc6ee6309b8ec1e72b32cef10
SHA1

1ef40d193c130e619d1a340600694330c7944fa2
SHA256

a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87
SHA512

65258bd666abe091c5e85374a7ddaa16501031a5e8d55363ee2d38a6d925de0cfda871ec6ab6d8b0ce7d41c85baa587974349e00aab84d7974b7fbceecb765d6
SSDEEP

393216:wbsRi8uzsoLPRx3T4OXkwR3DgUOVr1PPDZ:wQRUzr7fNUw9wVr

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1700-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-50-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-52-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-61-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-65-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-82-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-94-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1700-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1700-5-0x0000000000400000-0x000000000244F000-memory.dmp	vmprotect
behavioral1/memory/1700-11-0x0000000000400000-0x000000000244F000-memory.dmp	vmprotect
behavioral1/memory/1700-53-0x0000000000400000-0x000000000244F000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
1700	a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe

C:\Users\Admin\AppData\Local\Temp\a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe
"C:\Users\Admin\AppData\Local\Temp\a06b239dc5a485257a20faa9464e38af4a7e090c5bf4a816f5f62aaf70a2ee87.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1700-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1700-2-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1700-5-0x0000000000400000-0x000000000244F000-memory.dmp

Filesize
32.3MB

Download
memory/1700-6-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1700-4-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/1700-8-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1700-11-0x0000000000400000-0x000000000244F000-memory.dmp

Filesize
32.3MB

Download
memory/1700-10-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1700-14-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1700-16-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1700-19-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1700-21-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1700-24-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1700-26-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1700-29-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1700-31-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/1700-34-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1700-32-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1700-37-0x00000000770D0000-0x00000000770D1000-memory.dmp

Filesize
4KB

Download
memory/1700-36-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1700-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-50-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-53-0x0000000000400000-0x000000000244F000-memory.dmp

Filesize
32.3MB

Download
memory/1700-52-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-61-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-65-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-82-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-94-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1700-96-0x0000000004020000-0x0000000004034000-memory.dmp

Filesize
80KB

Download
memory/1700-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download