9894cef475d09bd2f4f8d205db6883de58cf7e3202aaa50ecaffc235f4b9dca7

General

Target

365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe
Size

1.8MB
MD5

2b6d1bad2c04c4883d7429a197e67666
SHA1

817c80631bf584bb18a63d45a24f26cea3ad11ad
SHA256

365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef
SHA512

449f087e93609a30d6d45bee35962e23013e8d769f5419a31ee14be1e757bf97924376d36de0d9a4506f07df6adb9e07e79bcf7e95938bb478d30afdc55362e7
SSDEEP

49152:Jxq1vu5zkd1XqmwUdiviDGAHwzWwWGODtY:Jxq6k6vfWfZ2

Score

7^/10

persistence upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-15-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-16-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-26-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-43-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-68-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-85-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-106-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-143-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-168-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-193-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-230-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-255-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-280-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-313-0x0000000000400000-0x0000000000B37000-memory.dmp	upx
behavioral1/memory/2068-342-0x0000000000400000-0x0000000000B37000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3425689832-2386927309-2650718742-1000\Software\Microsoft\Windows\CurrentVersion\Run\Anchortools Launcher = "C:\\Users\\Admin\\AppData\\Local\\Temp\\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe"	365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2068	365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe

C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe
"C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.log

Filesize
1KB

MD5
679b9d131acbb814fd4f6dc06173aead

SHA1
70516e5833e2e653bc426fc9db5bf00c120b8f07

SHA256
27d34a0f42b7e37bdddb257b013e5e128a2089256d4b670e28adaea2a48cc2e1

SHA512
50085b8637e3ec0b72165bd4d035b5230d7341316cf43da2e4196fd6bf2353f660a60afeec898a16a18154bbebb9b586da6a6867b88b6750de84df05223edd32

Download Submit
C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.log

Filesize
1KB

MD5
37a3bbd6d2e6ca5dc18e08e1b0c7874a

SHA1
db668cd96dd9513a9ddd41951634654968aa6458

SHA256
c98ba20fab35663371e3b57c520aad645868c08c9d1d303d7ff21b48179e65e3

SHA512
853cfbdc40c682e4fc56f932c62ccd18198ef5c10f398e00b4ac557366a058ebfbf670066a2cf31eb35a7369f313fcb093fcdc964a3aec7cc6e7b3e4910c93de

Download Submit
C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.log

Filesize
2KB

MD5
633b93b3ce1fa4ed1b5cebfe282e1f5d

SHA1
1a732bda606793879f9f6826827e7404c99a99ca

SHA256
454096692d10d49f24f6e7f08fabb4341435be8c50d41507ab091790ce7e0a91

SHA512
1763f10d2a2c77b45a7cded4365e2323bb8e52ac1f6d67b917ec49abcc0212a83b6fa4b32afcacb0fe74c17fbbe797226feb5a8eea7fe509b3032be324b32a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.log

Filesize
2KB

MD5
d9163c1d68929eee5b84f5f2300e79d9

SHA1
7c8abdcf62bff41183f53a761157d9d9c4a7c4b8

SHA256
ad026b325071bb4fb166da1d0d4c2e69328cdf7be1750aabf5783aa19cbbc344

SHA512
335b2c9018a7598e8fe975f65fdd18992a108f9337f6c95e803122be6dea357820140ce52baa44a910f716376fc230ebfddbd6840c1aeee4537aa59cbadd7450

Download Submit
C:\Users\Admin\AppData\Local\Temp\365e75fab984adf085f70be41d98f76f2fbb1ea41327100e3449c2ffd4229cef.log

Filesize
4KB

MD5
ed6631cf67fe41419df6d40231ee8097

SHA1
fa7edd5faff216d9adf5b4be191c0e2a5ceace31

SHA256
6c683efdcb84f24b67f32e4f744df44dbdbb6582cbbfd8509192c1e659a6cdc1

SHA512
16961a7142f1cd22c6ec16bdedb0393fc82cdac57862c02751a2dc167b1f48cb22efed63938e1ce6629926c32e8e4a6122c9386f8471764a80bae8610fb6d357

Download Submit
memory/2068-26-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-106-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2068-43-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-16-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-15-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-68-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-85-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-1-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2068-0-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-143-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-168-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-193-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-230-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-255-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-280-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-313-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download
memory/2068-342-0x0000000000400000-0x0000000000B37000-memory.dmp

Filesize
7.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads