de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d

General

Target

de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe
Size

4.8MB
MD5

642e0e0558766bf324d6fbcb7d72a322
SHA1

12f057b8369d85b946e701e6f8380a6b6fb7d477
SHA256

de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d
SHA512

c0e2c49cab2076aaaf5c9ebb5e14c4c4acd0a7642a2aa9a1b13014ee1ebb422e35386040314ae4b5723d154db942d30c5481ec6b459ebb0e20bbeac11c74473a
SSDEEP

49152:2JAPtjadNER68ZCAOUJEfKElJzz9BCuZYSoQNYGBhNj6OLO+s8KuqGaX0ToIBAUy:IA768ZwUJWKqz9QQTJBAUZL1q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-18-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-16-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-25-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-27-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-6-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-33-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-31-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-39-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-43-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-45-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-41-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-37-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-35-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-29-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2492-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	2492	WerFault.exe	11

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe
2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe
2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe
2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2784	2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe	28
PID 2492 wrote to memory of 2784	2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe	28
PID 2492 wrote to memory of 2784	2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe	28
PID 2492 wrote to memory of 2784	2492	de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe	28

C:\Users\Admin\AppData\Local\Temp\de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe
"C:\Users\Admin\AppData\Local\Temp\de4d540495ac01e699ad780340181597a063bbf4836551f2253e26716665506d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 1368
  2⤵
  - Program crash
  PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2492-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-18-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-16-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-25-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-27-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-6-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-33-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-31-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-39-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-43-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-45-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-41-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-37-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-35-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-29-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2492-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download

Analysis

Sharing