83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b

Analysis

max time kernel
138s
max time network
145s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
28/10/2023, 17:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
Size

15.4MB
MD5

5816abbf66179a1f8dbe38824fcbc563
SHA1

f31d0f4bf669fbe90089e1c4b47beac667fc6b37
SHA256

83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b
SHA512

85fd2c140595535bce93847c4666abc8764a78a73ef322622ba7dc1686659429e6770cb126d82fb39eda8be743b99150cd4a72dbb84bb15f1b0ce34121023676
SSDEEP

393216:A0YUHb12sBYyXqo+gAAl6PXutUHdyl7z/:AzUHb1NXqohlua+Elv

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2632-46-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral1/memory/2632-51-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-53-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-54-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-55-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-56-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-58-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-61-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-63-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-65-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-67-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-70-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-72-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-74-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-76-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-80-0x0000000010000000-0x0000000010018000-memory.dmp	upx
behavioral1/memory/2632-82-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-86-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-89-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-92-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-95-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-98-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-101-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-104-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-107-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-109-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx
behavioral1/memory/2632-110-0x0000000008B50000-0x0000000008B8E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
2632	83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe

C:\Users\Admin\AppData\Local\Temp\83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe
"C:\Users\Admin\AppData\Local\Temp\83505070e643afd170792ca8546dd47fb1fe8739b1aa3e4f65985d559cae020b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\lock.dll

Filesize
2.8MB

MD5
1cf6b966365f29d060154fa5eb5c7f72

SHA1
bb110d37a96878c8c024a450d0b09cc28ef03cf0

SHA256
0e11b955048104466ed8d86db346628c1b30118ae116fa0428b0c34f486d8cf3

SHA512
6bc266813f4518f1b5e958c047972072d6d43996add9587b3c3b7ac64e2406784a2240cc9b815f29208b9b3ef77e0b647a1201ef39aab10eb3bec297294d2dad

Download Submit
\Users\Admin\AppData\Local\Temp\E2EECore.2.7.2.dll

Filesize
8.4MB

MD5
8b6c94bbdbfb213e94a5dcb4fac28ce3

SHA1
b56102ca4f03556f387f8b30e2b404efabe0cb65

SHA256
982a177924762f270b36fe34c7d6847392b48ae53151dc2011078dceef487a53

SHA512
9d6d63b5d8cf7a978d7e91126d7a343c2f7acd00022da9d692f63e50835fdd84a59a93328564f10622f2b1f6adfd7febdd98b8ddb294d0754ed45cc9c165d25a

Download Submit
memory/2632-15-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2632-14-0x0000000000400000-0x000000000249C000-memory.dmp

Filesize
32.6MB

Download
memory/2632-12-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2632-11-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2632-9-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2632-7-0x0000000077660000-0x0000000077661000-memory.dmp

Filesize
4KB

Download
memory/2632-6-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2632-5-0x0000000000400000-0x000000000249C000-memory.dmp

Filesize
32.6MB

Download
memory/2632-4-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2632-2-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2632-0-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2632-17-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2632-22-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2632-20-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2632-25-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2632-27-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2632-30-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2632-32-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/2632-35-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2632-37-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2632-46-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2632-51-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-53-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-54-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-55-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-56-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-59-0x0000000000400000-0x000000000249C000-memory.dmp

Filesize
32.6MB

Download
memory/2632-58-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-61-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-63-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-65-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-67-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-68-0x0000000000400000-0x000000000249C000-memory.dmp

Filesize
32.6MB

Download
memory/2632-70-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-72-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-74-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-76-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-80-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download
memory/2632-82-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-86-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-89-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-92-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-95-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-98-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-101-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-104-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-107-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-109-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download
memory/2632-110-0x0000000008B50000-0x0000000008B8E000-memory.dmp

Filesize
248KB

Download