185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d

General

Target

185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
Size

2.8MB
MD5

28ddba93e17ea19ac03398109fd6ba64
SHA1

940499d358b63f7854e919ea7f49f89df325d95e
SHA256

185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d
SHA512

ecd3887239fa4a58c52184ff552275f4c0ec9bda0a4899296dc701205428ac20aee9bdaeb0c85f4d9b187784554584e5a90f9d917c1884af25e75a2203013b3b
SSDEEP

49152:JCWHtWHVhLIVotNLM7MaAgLnAAswUS25FV:30HVaotlMIaAFnwUT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2140-20-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-22-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-19-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-18-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-26-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-24-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-29-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-37-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-39-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-35-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-33-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-31-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-42-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-44-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-46-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-48-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-50-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-53-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-55-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-59-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-57-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-61-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-64-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx
behavioral1/memory/2140-65-0x00000000020A0000-0x00000000020D8000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
2140	185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe

C:\Users\Admin\AppData\Local\Temp\185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe
"C:\Users\Admin\AppData\Local\Temp\185753c0da9601c778c2660fb53dc12cb292a0d22f03075979ccd0605a8db57d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2140-20-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-22-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-19-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-18-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-26-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-24-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-29-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-37-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-39-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-35-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-33-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-31-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-42-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-44-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-46-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-48-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-50-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-53-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-55-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-59-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-57-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-61-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-64-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download
memory/2140-65-0x00000000020A0000-0x00000000020D8000-memory.dmp

Filesize
224KB

Download

Analysis

Sharing