7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1

General

Target

7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
Size

3.1MB
MD5

290bcdd4b30a555e577fdef778cf2284
SHA1

7323d3e90b4fdcf259b94c2a62e1717da8d28833
SHA256

7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1
SHA512

821ca8f88aebf2c9e84be4e17fe6a861226f614dc2486c4688f73541bb5ac2a66156d7018f0ff493e95ddf1f5b8b59ab310dc7a8b46d4c05081cb79a26c98c92
SSDEEP

98304:8DTiHv/k/vsXD+2/xm9IoYKPyLy+6/Ue46A5:lEvsbx9oYKPync8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-2-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-6-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-7-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-8-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-9-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-11-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-13-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-15-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-17-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-19-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-21-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-24-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-27-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-29-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-32-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-34-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-36-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-38-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-40-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-42-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-44-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-47-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-49-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-51-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-54-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-55-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2040-60-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\dll.dll	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
2040	7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe

C:\Users\Admin\AppData\Local\Temp\7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe
"C:\Users\Admin\AppData\Local\Temp\7e77413453b9e249772d02afa9c06fedab2001b95f105934a3d42297606544a1.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2040-0-0x0000000000400000-0x0000000000B0D000-memory.dmp

Filesize
7.1MB

Download
memory/2040-1-0x0000000000400000-0x0000000000B0D000-memory.dmp

Filesize
7.1MB

Download
memory/2040-3-0x00000000001C0000-0x00000000001C8000-memory.dmp

Filesize
32KB

Download
memory/2040-2-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-6-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-7-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-8-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-9-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-11-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-13-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-15-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-17-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-19-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-22-0x0000000000400000-0x0000000000B0D000-memory.dmp

Filesize
7.1MB

Download
memory/2040-21-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-24-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-27-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-29-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-32-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-34-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-36-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-38-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-40-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-42-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-44-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-47-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-49-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-51-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-54-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-55-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-56-0x0000000002D90000-0x0000000002E90000-memory.dmp

Filesize
1024KB

Download
memory/2040-59-0x0000000002D90000-0x0000000002E90000-memory.dmp

Filesize
1024KB

Download
memory/2040-60-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2040-80-0x0000000000400000-0x0000000000B0D000-memory.dmp

Filesize
7.1MB

Download
memory/2040-81-0x0000000000400000-0x0000000000B0D000-memory.dmp

Filesize
7.1MB

Download

Analysis

Sharing