9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c

Analysis

max time kernel
191s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
Size

7.0MB
MD5

92d3f893a7f71481a12f8d3e65b0cee7
SHA1

5a1cb86f45ceccc581f2e56fa4333840dc4ca400
SHA256

9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c
SHA512

28f8eb96c5c2d135a457803c640b1ea29b92c1ebc89fb6c7d3c99efc0290c5b4ad9e12f3af4436af21115ece24b4501b47b50ea52307392f0b6a0408891f0582
SSDEEP

196608:LxsiAqGmLRU0GyWV9dENRQfEdHmmZKNvmv5/n2d:lYmtR6SNMkmcxv2d

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3936-13078-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13081-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13080-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13082-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13083-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13084-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13086-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13089-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13091-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13093-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13098-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13096-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13100-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13102-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13105-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13107-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13109-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13111-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13114-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13116-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13119-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13121-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13125-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13123-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13127-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13129-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral2/memory/3936-13509-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\PerfLog\Trkc\Programps\ÉÏ²Ë1.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ò»²ãw7.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\öðÓã.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÍíÉÏÉñÃØºÓ±ß.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\òÚò¼.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\w7ÉñÃØºÓ±ßÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÉñÃØÖ²Îï2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¹«¹²³¡¾°2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\´ÔÁÖÍâÎ§Î÷ÄÏÇÅ¼ÜÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ºÚÐÜ4.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ò¬×Ó.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¼ÓÀ±½·4.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¸Ï×ß1.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Å£ÀÉÖ¯Å®.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\´ºÏÉ1.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ñ©ÈËÓÑÒê.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\è¦´ÃÉÈ±´¿Ç.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\»Ã¾³6²ã.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\×ö³É±ê±¾.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\°ü°üw7.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Õ¨µ¯ºìÏß.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ò°¼¦4ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÔÂÍÃ2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\È·¶¨.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\²É¼¯3.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\»¨Ä¢¹½2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Æíµ».bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¶«ÄÏ½ÇÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\½ø¿¾Ïä3.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ºüÀêÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\·ÍêÁË.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\³öÁý1.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Äàöú.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¼ýÍ·2w7.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ê÷5.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¿ó¶´Ê¶±ð2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ê¹ÓÃ2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\È¡Ïû2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÈýÐÇËéÆ¬.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ê¯°ßÓã2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Æ¤Æ¤¹Ö3ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\½©Ê¬Íõ1ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Î¢¶Ë³Ôµô2.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\·áÊÕµ¯.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ó£»¨Ê÷1ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Íæ¼Òâã»Ú.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\º£ÐÇ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\éÙ×Ó4.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\´ÔÁÖÍâÎ§Î÷ÔËºÓÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÆæÒì¹û2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÎÏÅ£2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ð¡Ë§»¢2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\»ìºÏËÇÁÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ï²Èµ1ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ð¡Ñ©¹Ö7.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÎïÆ·w7.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¹Ô¹Ô»¢3.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\¹Ô¹Ô»¢2ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Ð¡Ë§»¢1ÍíÉÏ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÄÏ¹ÏÄ¹µØÅ®×Ó.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\ÈËÎïºì²æ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\º£ëà.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Óã´¦Àí½çÃæ.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
File created	C:\Windows\PerfLog\Trkc\Programps\Õ¨µ¯.bmp	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
3936	9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe

C:\Users\Admin\AppData\Local\Temp\9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe
"C:\Users\Admin\AppData\Local\Temp\9f9eda1d938df76be3dc15304b38c96349b09b834c3406aed3f82927fabe0b9c.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3936-0-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-1-0x00000000761D0000-0x00000000763E5000-memory.dmp

Filesize
2.1MB

Download
memory/3936-3875-0x0000000074ED0000-0x0000000075070000-memory.dmp

Filesize
1.6MB

Download
memory/3936-5884-0x0000000076D90000-0x0000000076E0A000-memory.dmp

Filesize
488KB

Download
memory/3936-13069-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13070-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13071-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13072-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13073-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13074-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13075-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13076-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13077-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-13078-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13081-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13080-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13082-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13083-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13084-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13086-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13089-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13091-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13093-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13098-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13096-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13100-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13102-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13105-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13107-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13109-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13111-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13114-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13116-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13119-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13121-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13125-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13123-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13127-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13129-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-13509-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/3936-14219-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14220-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14221-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14222-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14223-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14224-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14225-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download
memory/3936-14226-0x0000000000400000-0x0000000000F75000-memory.dmp

Filesize
11.5MB

Download