53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f

Analysis

max time kernel
160s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 08:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
Size

15.3MB
MD5

77c3bf45d2a17d7080e74748005d0cac
SHA1

99d87ed5e5b376f38b137e482496d1b5da9b3c5f
SHA256

53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f
SHA512

1177f805e134ea2be9eedd5b56d4109467ff4d97274f53cfae950a0f3f7a957bfeb5c116822828664b7a6d991ba3d641aa719d6017b81ec53c47b0a35e6cefe7
SSDEEP

393216:PaVNdO1VJhitXpjF3FMRNMtTys4Rg2djuDmTBAcq6kguPQ:QPgzi/sQe5RPcmdc4

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe

UPX packed file 28 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4392-12-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/4392-13-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral2/memory/4392-30-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-33-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-34-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-35-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-36-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-38-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-40-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-42-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-44-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-46-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-48-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-52-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-56-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-54-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-58-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-50-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-60-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-66-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-69-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-64-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-71-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-73-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-62-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-75-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-77-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx
behavioral2/memory/4392-78-0x0000000009FC0000-0x0000000009FFE000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
4392	53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe

C:\Users\Admin\AppData\Local\Temp\53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe
"C:\Users\Admin\AppData\Local\Temp\53973a5a341d60286165c22da8f889500323f92a03e7001b4b2a6f90b14b791f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\lock.dll

Filesize
2.8MB

MD5
1cf6b966365f29d060154fa5eb5c7f72

SHA1
bb110d37a96878c8c024a450d0b09cc28ef03cf0

SHA256
0e11b955048104466ed8d86db346628c1b30118ae116fa0428b0c34f486d8cf3

SHA512
6bc266813f4518f1b5e958c047972072d6d43996add9587b3c3b7ac64e2406784a2240cc9b815f29208b9b3ef77e0b647a1201ef39aab10eb3bec297294d2dad

Download Submit
memory/4392-40-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-35-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-3-0x0000000002C00000-0x0000000002C01000-memory.dmp

Filesize
4KB

Download
memory/4392-4-0x0000000002C30000-0x0000000002C31000-memory.dmp

Filesize
4KB

Download
memory/4392-5-0x0000000002C40000-0x0000000002C41000-memory.dmp

Filesize
4KB

Download
memory/4392-7-0x0000000002C60000-0x0000000002C61000-memory.dmp

Filesize
4KB

Download
memory/4392-6-0x0000000002C50000-0x0000000002C51000-memory.dmp

Filesize
4KB

Download
memory/4392-9-0x0000000000400000-0x0000000002A11000-memory.dmp

Filesize
38.1MB

Download
memory/4392-12-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/4392-13-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/4392-1-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/4392-19-0x0000000000400000-0x0000000002A11000-memory.dmp

Filesize
38.1MB

Download
memory/4392-20-0x0000000000400000-0x0000000002A11000-memory.dmp

Filesize
38.1MB

Download
memory/4392-30-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-33-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-34-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-0-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/4392-36-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-2-0x0000000000400000-0x0000000002A11000-memory.dmp

Filesize
38.1MB

Download
memory/4392-38-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-48-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-44-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-46-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-42-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-52-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-56-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-54-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-58-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-50-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-60-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-66-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-69-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-64-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-71-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-73-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-62-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-75-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-77-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download
memory/4392-78-0x0000000009FC0000-0x0000000009FFE000-memory.dmp

Filesize
248KB

Download