eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13

General

Target

eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
Size

6.3MB
MD5

44ad3020abfa917bd6f7650570409fa9
SHA1

483ef927626c0032451f67973897cafa4352effd
SHA256

eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13
SHA512

11e2c3960d0f967b3671b44cdded7fc146c180e864556fd3faad34583a8e1a48cd5bbad31f8af045aa611a5431a927779bdb27907a5ccbb13b88df0e315adbfa
SSDEEP

98304:oiqecbtzpjuklG6YjYFEKaJBAUZLRNeHHHfXXXr:ol/ZlPYjYDaJVeHHHfXXXr

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1376-8-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-12-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-10-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-13-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-16-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-18-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-20-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-22-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-26-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-24-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-30-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-48-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-55-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-57-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/1376-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\yxkey.ime	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
Token: SeDebugPrivilege	1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
1376	eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe

C:\Users\Admin\AppData\Local\Temp\eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe
"C:\Users\Admin\AppData\Local\Temp\eafd11eb0715c39106d59043ef821b5fadbf6dca6d3e2ac3785f71a083344c13.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1376-0-0x0000000000400000-0x0000000000AC7000-memory.dmp

Filesize
6.8MB

Download
memory/1376-8-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-12-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-10-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-13-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-16-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-18-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-20-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-22-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-26-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-24-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-30-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-48-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-55-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-57-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/1376-60-0x0000000000400000-0x0000000000AC7000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing