5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d

Analysis

max time kernel
158s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
Size

2.8MB
MD5

35e288c998c6bd998a015bc409d8e5e2
SHA1

62e2b709f96d0ac168a9909ee48b81bc803b93c7
SHA256

5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d
SHA512

932446a648339e33fb1aff05b0ef31f2ca2e8f09da5b22025c401aabca758d4130368c7d2a008963d57d48d02bec2f030ddbd216cf743565f72a86763d4e9aa3
SSDEEP

49152:ra7vo3ZM0DqFJckphaaB6PtjPxWK1hOhhZmy4AQoTbO0tIsJ:ra7ApT+FJu7HfLEbQoTbOOJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1304-13086-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13089-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13088-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13090-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13091-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13092-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13094-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13096-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13098-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13101-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13103-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13105-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13107-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13109-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13111-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13113-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13115-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13119-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13117-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13121-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13123-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13125-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13127-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13129-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13131-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13133-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/1304-13135-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 35 IoCs

pid	Process
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
1304	5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe

C:\Users\Admin\AppData\Local\Temp\5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe
"C:\Users\Admin\AppData\Local\Temp\5a4585eba262fa835563e5dafb33e22ae2fa7a79f26760defee00f3f67f4776d.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1304-0-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-1-0x0000000076CD0000-0x0000000076EE5000-memory.dmp

Filesize
2.1MB

Download
memory/1304-3875-0x0000000075D00000-0x0000000075EA0000-memory.dmp

Filesize
1.6MB

Download
memory/1304-5884-0x0000000076C50000-0x0000000076CCA000-memory.dmp

Filesize
488KB

Download
memory/1304-13069-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13070-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13071-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13072-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13074-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13075-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13076-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13077-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13078-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13079-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13080-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13081-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13082-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13084-0x00000000028C0000-0x00000000028F3000-memory.dmp

Filesize
204KB

Download
memory/1304-13086-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13089-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13088-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13090-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13091-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13092-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13094-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13096-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13098-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13103-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13105-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13107-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13109-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13111-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13113-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13115-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13119-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13117-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13121-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13123-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13125-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13127-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13129-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13131-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13133-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13134-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13135-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1304-13136-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13137-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13138-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13139-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13140-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13141-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download
memory/1304-13142-0x0000000000400000-0x00000000009E8000-memory.dmp

Filesize
5.9MB

Download