22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
24/10/2023, 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Size

1.9MB
MD5

767868fee3a36a28c727d1ecab5b2e4e
SHA1

cda5d02cb0eddddb7e279bfb4a622c79d9f73e3b
SHA256

22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9
SHA512

923a02d4f26b474ea3892c546e56dbc808c27f8087901ea203ec7ad64a37bc52fe75878ff614e52b8e4f252682cc3b32bba7e38febabe84380e7cce61d014ea4
SSDEEP

24576:4Ow/dS8VklPA4hD4kSf7w00u91QmtNiReC2SFJNoQsbd/plKYtl+dLk40Q51RHeM:4nSHwl1yRe3QTuhpL+UQoM

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2044-8-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-7-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-9-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-12-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-14-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-10-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-16-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-18-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-20-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-23-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-25-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-27-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-30-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-32-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-34-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-36-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-38-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-40-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-42-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-44-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-46-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-48-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-51-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-54-0x0000000002620000-0x000000000265E000-memory.dmp	upx
behavioral2/memory/2044-59-0x0000000002620000-0x000000000265E000-memory.dmp	upx

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe

Suspicious use of AdjustPrivilegeToken 49 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 1	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeCreateTokenPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeAssignPrimaryTokenPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeLockMemoryPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeIncreaseQuotaPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeMachineAccountPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeTcbPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeSecurityPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeTakeOwnershipPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeLoadDriverPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeSystemProfilePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeSystemtimePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeProfSingleProcessPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeIncBasePriorityPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeCreatePagefilePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeCreatePermanentPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeBackupPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeRestorePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeShutdownPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeDebugPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeAuditPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeSystemEnvironmentPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeChangeNotifyPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeRemoteShutdownPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeUndockPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeSyncAgentPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeEnableDelegationPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeManageVolumePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeImpersonatePrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: SeCreateGlobalPrivilege	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 31	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 32	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 33	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 34	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 35	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 36	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 37	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 38	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 39	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 40	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 41	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 42	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 43	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 44	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 45	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 46	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 47	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
Token: 48	2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
2044	22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe

C:\Users\Admin\AppData\Local\Temp\22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe
"C:\Users\Admin\AppData\Local\Temp\22af4203fd46ecc676a63fc75dccda479df1c53b9b1b4e009102fb4071b70dc9.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2044-0-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/2044-8-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-7-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-9-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-12-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-14-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-10-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-16-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-18-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-20-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-23-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-25-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-27-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-29-0x0000000010000000-0x000000001003C000-memory.dmp

Filesize
240KB

Download
memory/2044-30-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-32-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-34-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-36-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-38-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-40-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-42-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-44-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-46-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-48-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-51-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-54-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-55-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2044-56-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/2044-57-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/2044-58-0x0000000002700000-0x0000000002701000-memory.dmp

Filesize
4KB

Download
memory/2044-59-0x0000000002620000-0x000000000265E000-memory.dmp

Filesize
248KB

Download
memory/2044-60-0x0000000002870000-0x0000000002871000-memory.dmp

Filesize
4KB

Download
memory/2044-62-0x0000000004660000-0x0000000004661000-memory.dmp

Filesize
4KB

Download
memory/2044-61-0x00000000028B0000-0x00000000028B1000-memory.dmp

Filesize
4KB

Download
memory/2044-64-0x00000000046E0000-0x00000000046E1000-memory.dmp

Filesize
4KB

Download
memory/2044-63-0x00000000046A0000-0x00000000046A1000-memory.dmp

Filesize
4KB

Download
memory/2044-66-0x00000000046C0000-0x00000000046C1000-memory.dmp

Filesize
4KB

Download
memory/2044-65-0x0000000004680000-0x0000000004681000-memory.dmp

Filesize
4KB

Download
memory/2044-67-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/2044-68-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/2044-69-0x00000000046D0000-0x00000000046D1000-memory.dmp

Filesize
4KB

Download
memory/2044-70-0x00000000046B0000-0x00000000046B1000-memory.dmp

Filesize
4KB

Download
memory/2044-71-0x0000000004690000-0x0000000004691000-memory.dmp

Filesize
4KB

Download
memory/2044-72-0x0000000004670000-0x0000000004671000-memory.dmp

Filesize
4KB

Download
memory/2044-74-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/2044-73-0x00000000028C0000-0x00000000028C1000-memory.dmp

Filesize
4KB

Download
memory/2044-75-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/2044-76-0x0000000002860000-0x0000000002861000-memory.dmp

Filesize
4KB

Download
memory/2044-77-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/2044-78-0x0000000002F90000-0x0000000002F91000-memory.dmp

Filesize
4KB

Download