0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2

Analysis

max time kernel
147s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Size

4.5MB
MD5

5e0a5ca147d99774750706ed4fd2acf4
SHA1

18cc604553592bca88b4c9fbcf7784f1336a5259
SHA256

0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2
SHA512

2acc6282ec2dd671976d5d45d810662f9278840e7205b1d095ced32eac76fb21befac39d33be46e77aaa7f76982032460f3b86f8f17cb688beb96ab9a0ca30f0
SSDEEP

49152:BUpT/njU4N01Fil6aald32RvXQVjlSjSFBHVDVw6x+xz/deiN81HpCh7Q17A09NX:mWilkld32RvAj0jibq4+xz/d+Ic759Rn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4636-8-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-7-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-9-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-10-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-12-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-14-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-16-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-18-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-20-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-22-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-24-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-26-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-29-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-31-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-33-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-35-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-38-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-40-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-42-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-44-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-46-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-48-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-50-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-52-0x0000000002930000-0x000000000296E000-memory.dmp	upx
behavioral2/memory/4636-53-0x0000000002930000-0x000000000296E000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 1	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeCreateTokenPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeAssignPrimaryTokenPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeLockMemoryPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeIncreaseQuotaPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeMachineAccountPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeTcbPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeSecurityPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeTakeOwnershipPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeLoadDriverPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeSystemProfilePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeSystemtimePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeProfSingleProcessPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeIncBasePriorityPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeCreatePagefilePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeCreatePermanentPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeBackupPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeRestorePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeShutdownPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeDebugPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeAuditPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeSystemEnvironmentPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeChangeNotifyPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeRemoteShutdownPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeUndockPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeSyncAgentPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeEnableDelegationPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeManageVolumePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeImpersonatePrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: SeCreateGlobalPrivilege	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 31	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 32	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 33	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 34	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 35	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 36	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 37	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 38	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 39	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 40	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 41	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 42	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 43	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 44	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 45	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 46	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 47	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
Token: 48	4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
4636	0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe

C:\Users\Admin\AppData\Local\Temp\0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe
"C:\Users\Admin\AppData\Local\Temp\0e8553e4e8b4682fcb0f8c8b5515e6a16e373418fa3dcc598610c3c5bdc187d2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4636-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/4636-8-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-7-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-9-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-10-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-12-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-14-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-16-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-18-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-20-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-22-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-24-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-26-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-28-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/4636-29-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-31-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-33-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-35-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-38-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-40-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-42-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-44-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-46-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-48-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-50-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-52-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-53-0x0000000002930000-0x000000000296E000-memory.dmp

Filesize
248KB

Download
memory/4636-54-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/4636-55-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/4636-56-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download