1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
Size

14.4MB
MD5

c9241818b05ea0d117e8688081f7a47a
SHA1

31b76ad8e1e2126810bd301faf68295780f106d8
SHA256

1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885
SHA512

8ba823df8219d2ab85ab8758b147d3fbad89157f662d433ff7a40fc887d2198ebeff96cc591c46a0ac66573771d98fc8390a98fd4447751f3606f5bf8f1b9e28
SSDEEP

393216:fqJEHyfJr5SFRyyF8lc74dTlqtkLkXB8wSs37m:mfuhF6c749leaGBDSs37m

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1320-143-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-147-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-150-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-153-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-157-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-166-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-168-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-172-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx
behavioral1/memory/1320-194-0x0000000002C00000-0x0000000002C3E000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1320-102-0x0000000002CA0000-0x0000000003A7D000-memory.dmp	vmprotect
behavioral1/memory/1320-106-0x0000000002CA0000-0x0000000003A7D000-memory.dmp	vmprotect
behavioral1/memory/1320-164-0x0000000002CA0000-0x0000000003A7D000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
1320	1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe

C:\Users\Admin\AppData\Local\Temp\1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe
"C:\Users\Admin\AppData\Local\Temp\1616c261b01084d4928e94269e6551172835b6e0349d780df6cbc435749a9885.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1320-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1320-2-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1320-5-0x0000000000400000-0x0000000001289000-memory.dmp

Filesize
14.5MB

Download
memory/1320-4-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1320-7-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1320-9-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1320-11-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1320-12-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1320-15-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1320-13-0x0000000077060000-0x0000000077061000-memory.dmp

Filesize
4KB

Download
memory/1320-17-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1320-19-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1320-18-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-21-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1320-23-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/1320-25-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1320-24-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-27-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1320-33-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1320-30-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-31-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1320-29-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1320-35-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/1320-37-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1320-36-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-39-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1320-41-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/1320-42-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-43-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1320-45-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1320-47-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1320-49-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1320-48-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-51-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1320-53-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/1320-54-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1320-56-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1320-57-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-59-0x00000000002D0000-0x00000000002D1000-memory.dmp

Filesize
4KB

Download
memory/1320-60-0x0000000077060000-0x0000000077061000-memory.dmp

Filesize
4KB

Download
memory/1320-61-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1320-63-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1320-65-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/1320-67-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1320-66-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-69-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1320-71-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1320-72-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-73-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1320-75-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1320-78-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-84-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-90-0x000000007705F000-0x0000000077060000-memory.dmp

Filesize
4KB

Download
memory/1320-102-0x0000000002CA0000-0x0000000003A7D000-memory.dmp

Filesize
13.9MB

Download
memory/1320-106-0x0000000002CA0000-0x0000000003A7D000-memory.dmp

Filesize
13.9MB

Download
memory/1320-138-0x0000000077060000-0x0000000077061000-memory.dmp

Filesize
4KB

Download
memory/1320-139-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/1320-143-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-147-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-150-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-153-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-157-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-164-0x0000000002CA0000-0x0000000003A7D000-memory.dmp

Filesize
13.9MB

Download
memory/1320-166-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-168-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-172-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download
memory/1320-194-0x0000000002C00000-0x0000000002C3E000-memory.dmp

Filesize
248KB

Download